New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZAP Scan Baseline Report #2826

Open

vc-ci opened this issue Aug 7, 2024 · 21 comments

Contributor

vc-ci commented Aug 7, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- CSP: Wildcard Directive [10055] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- CSP: script-src unsafe-inline [10055] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- CSP: style-src unsafe-inline [10055] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Sub Resource Integrity Attribute Missing [90003] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Cross-Domain JavaScript Source File Inclusion [10017] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Dangerous JS Functions [10110] total: 4:
- Permissions Policy Header Not Set [10063] total: 11:
- Timestamp Disclosure - Unix [10096] total: 1:
  - https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Notifications)/dist/app.js?v=Gx54drFiY-ENv-Be4qH5jfR-YiymsQdgVlCIOfmDKjM
- Base64 Disclosure [10094] total: 12:
- Information Disclosure - Suspicious Comments [10027] total: 11:
- Modern Web Application [10109] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Re-examine Cache-control Directives [10015] total: 3:
- Sec-Fetch-Dest Header is Missing [90005] total: 3:
- Sec-Fetch-Mode Header is Missing [90005] total: 3:
- Sec-Fetch-Site Header is Missing [90005] total: 3:
- Sec-Fetch-User Header is Missing [90005] total: 3:
- Storable and Cacheable Content [10049] total: 11:

View the following link to download the report.
RunnerID:10285515353

ZAP is supported by the Crash Override Open Source Fellowship

Contributor

mvktsk commented Aug 7, 2024

Task https://virtocommerce.atlassian.net/browse/VP-8611 has been created

Contributor Author

vc-ci commented Sep 12, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:10834678197

Contributor Author

vc-ci commented Sep 20, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:10957056141

Contributor Author

vc-ci commented Sep 25, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11034025678

Contributor Author

vc-ci commented Sep 30, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11105611076

Contributor Author

vc-ci commented Sep 30, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 13:

View the following link to download the report.
RunnerID:11106283419

Contributor Author

vc-ci commented Oct 2, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Cookie without SameSite Attribute [10054] total: 3:
- Session Management Response Identified [10112] total: 3:
Resolved Alerts
- Retrieved from Cache [10050] total: 13:

View the following link to download the report.
RunnerID:11145528201

Contributor Author

vc-ci commented Oct 7, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11220205108

Contributor Author

vc-ci commented Oct 16, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11363893745

Contributor Author

vc-ci commented Oct 23, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11488723720

Contributor Author

vc-ci commented Oct 24, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11498969659

Contributor Author

vc-ci commented Oct 24, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 13:

View the following link to download the report.
RunnerID:11500064251

Contributor Author

vc-ci commented Oct 25, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 13:

View the following link to download the report.
RunnerID:11512794860

Contributor Author

vc-ci commented Nov 12, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 15:

View the following link to download the report.
RunnerID:11797408535

Contributor Author

vc-ci commented Nov 14, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 15:

View the following link to download the report.
RunnerID:11835406738

Contributor Author

vc-ci commented Nov 19, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11920349444

Contributor Author

vc-ci commented Nov 22, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:11968637126

Contributor Author

vc-ci commented Dec 2, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Vulnerable JS Library [10003] total: 2:
  - https://vcptcore-dev.govirto.com/dist/app.js?v=J3cRDm6aEbUuqFq_xne7q9CKgNT4EnEMpo_WTV6GTRo
  - https://vcptcore-dev.govirto.com/dist/vendor.js?v=N45s-JWFo5-b_09a5CtPCG7qwtBMzGumF-BLo1Iv0JQ

View the following link to download the report.
RunnerID:12118943042

Contributor Author

vc-ci commented Dec 2, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:12124004172

Contributor Author

vc-ci commented Dec 5, 2024

Site: https://vcptcore-dev.govirto.com
Resolved Alerts
- Retrieved from Cache [10050] total: 12:

View the following link to download the report.
RunnerID:12179824867

Contributor Author

vc-ci commented Dec 19, 2024

Site: https://vcptcore-dev.govirto.com
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 3:
Resolved Alerts
- CSP: Wildcard Directive [10055] total: 2:
- CSP: script-src unsafe-inline [10055] total: 2:
- CSP: style-src unsafe-inline [10055] total: 2:
- Sub Resource Integrity Attribute Missing [90003] total: 2:
- Cookie without SameSite Attribute [10054] total: 3:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 2:
- Dangerous JS Functions [10110] total: 4:
- Timestamp Disclosure - Unix [10096] total: 1:
- Information Disclosure - Suspicious Comments [10027] total: 12:
- Modern Web Application [10109] total: 2:
- Re-examine Cache-control Directives [10015] total: 3:
- Session Management Response Identified [10112] total: 3:
- Vulnerable JS Library [10003] total: 2:

View the following link to download the report.
RunnerID:12409174911

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment