ZAP Scan Baseline Report

[github-actions]

• Site: http://localhost:8080
  New Alerts
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 12:
    • http://localhost:8080/en-US/blogs/news
    • http://localhost:8080/en-US/blogs/news/new_page2
    • http://localhost:8080/en-US/cart
    • http://localhost:8080/en-US/blogs/news/awesome_post
    • http://localhost:8080/robots.txt
    • ..
  • Non-Storable Content [10049] total: 6:
    • http://localhost:8080/en-US/
    • http://localhost:8080/en-US/blogs/news/new_page2
    • http://localhost:8080/en-US/blogs/news/awesome_post
    • http://localhost:8080/en-US/blogs/news
    • http://localhost:8080/
    • ..
  • Loosely Scoped Cookie [90033] total: 12:
    • http://localhost:8080/en-US/common/setcurrency/USD
    • http://localhost:8080/en-US/account/login
    • http://localhost:8080/en-US/account/register
    • http://localhost:8080/en-US/blogs/news/awesome_post
    • http://localhost:8080/en-US/common/setcurrency/XPT
    • ..
  • Timestamp Disclosure - Unix [10096] total: 12:
    • http://localhost:8080/en-US/themes/assets/default.scss.css
    • http://localhost:8080/en-US/home-theater
    • http://localhost:8080/en-US/headphones
    • http://localhost:8080
    • http://localhost:8080/en-US/themes/assets/ajaxify.scss.css
    • ..
  • Sub Resource Integrity Attribute Missing [90003] total: 12:
    • http://localhost:8080/B2B-store/account/account
    • http://localhost:8080/B2B-store/account/forgotpassword
    • http://localhost:8080/B2B-store/account/item.url
    • http://localhost:8080/en-US/pages/about_us
    • http://localhost:8080/B2B-store/item.url
    • ..
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 12:
    • http://localhost:8080/en-US/Account/Login?ReturnUrl=/en-US/account
    • http://localhost:8080/B2B-store/Account/Login?ReturnUrl=/B2B-store/account
    • http://localhost:8080/B2B-store/Account/Login?ReturnUrl=/B2B-store/account
    • http://localhost:8080/en-US/Account/Login?ReturnUrl=/en-US/account
    • http://localhost:8080/en-US/Account/Login?ReturnUrl=/en-US/account
    • ..
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 13:
    • http://localhost:8080/sitemap.xml
    • http://localhost:8080/en-US/sitemap/catalog.xml
    • http://localhost:8080/en-US/sitemap/blog.xml
    • http://localhost:8080/en-US/blogs/news
    • http://localhost:8080/en-US/blogs/news/awesome_post
    • ..
  • Modern Web Application [10109] total: 12:
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/en-US/bulkorder
    • http://localhost:8080/en-US/contact_us
    • http://localhost:8080/en-US/blogs/news/awesome_post
    • http://localhost:8080/en-US/blogs/news/new_page2
    • ..
  • Information Disclosure - Sensitive Information in URL [10024] total: 3:
    • http://localhost:8080/B2B-store/account/register?confirmPassword=ZAP&password=ZAP&userName=ZAP
    • http://localhost:8080/B2B-store/account/register?confirmPassword=ZAP&password=ZAP&userName=ZAP
    • http://localhost:8080/B2B-store/account/register?confirmPassword=ZAP&password=ZAP&userName=ZAP
  • Information Disclosure - Suspicious Comments [10027] total: 10:
    • http://localhost:8080/en-US/account/login
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/robots.txt
    • http://localhost:8080/en-US/cart
    • http://localhost:8080/en-US/blogs/news/awesome_post
    • ..
  • Dangerous JS Functions [10110] total: 6:
    • http://localhost:8080/B2B-store/themes/assets/static/bundle/scripts.js?v=01PbwcASeeagUwNTMczy3FBzKO1Gfz4UTho8-nuhUd0
    • http://localhost:8080/en-US/themes/assets/static/bundle/scripts_dependencies.js?v=uJOYZpRmtKKIlK7lMNA5OBgdpI2_RBxzctFHQ8ntMHM
    • http://localhost:8080/lib/jquery/dist/jquery.js
    • http://localhost:8080/en-US/themes/assets/static/bundle/scripts.js?v=01PbwcASeeagUwNTMczy3FBzKO1Gfz4UTho8-nuhUd0
    • http://localhost:8080/B2B-store/themes/assets/static/bundle/dependencies.js?v=FUcb5dujV8tCGfkgrTf9sCDw8QkcFqNbVUPF0FG4Qqs
    • ..
  • Application Error Disclosure [90022] total: 11:
    • http://localhost:8080/en-US/search?q&type=product
    • http://localhost:8080/
    • http://localhost:8080
    • http://localhost:8080/en-US/search
    • http://localhost:8080/en-US/home-theater
    • ..
  • Absence of Anti-CSRF Tokens [10202] total: 12:
    • http://localhost:8080/en-US/blogs/news/awesome_post
    • http://localhost:8080/en-US/blogs/news/new_page2
    • http://localhost:8080/robots.txt
    • http://localhost:8080/robots.txt
    • http://localhost:8080/en-US/blogs/news/new_page2
    • ..
  • Content Security Policy (CSP) Header Not Set [10038] total: 12:
    • http://localhost:8080/en-US/contact_us
    • http://localhost:8080/robots.txt
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/en-US/blogs/news/new_page2
    • http://localhost:8080/en-US/account/register
    • ..
  • Reverse Tabnabbing [10108] total: 12:
    • http://localhost:8080/en-US/blogs/news/new_page3
    • http://localhost:8080/en-US/account/login
    • http://localhost:8080/robots.txt
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/en-US/pages/about_us
    • ..
  • X-Content-Type-Options Header Missing [10021] total: 12:
    • http://localhost:8080/en-US/blogs/news/new_page2
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/en-US/blogs/news
    • http://localhost:8080/sitemap.xml
    • http://localhost:8080/en-US/sitemap/catalog.xml
    • ..
  • Base64 Disclosure [10094] total: 12:
    • http://localhost:8080/en-US/blogs/news/new_page2
    • http://localhost:8080/
    • http://localhost:8080/fr-FR/
    • http://localhost:8080/de-DE/
    • http://localhost:8080/en-US/blogs/news
    • ..
  • Cookie No HttpOnly Flag [10010] total: 12:
    • http://localhost:8080/en-US/bulkorder
    • http://localhost:8080/en-US/account/login
    • http://localhost:8080/en-US/blogs/news/new_page3
    • http://localhost:8080/en-US/account/register
    • http://localhost:8080/en-US/blogs/news/new_page2
    • ..
  • Feature Policy Header Not Set [10063] total: 12:
    • http://localhost:8080/en-US/pages/about_us
    • http://localhost:8080/robots.txt
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/en-US/cart
    • http://localhost:8080/en-US/blogs/news
    • ..
  • WSDL File Detection [90030] total: 4:
    • http://localhost:8080/en-US/sitemap/catalog.xml
    • http://localhost:8080/en-US/sitemap/vendor.xml
    • http://localhost:8080/en-US/sitemap/blog.xml
    • http://localhost:8080/sitemap.xml
  • X-Frame-Options Header Not Set [10020] total: 12:
    • http://localhost:8080/en-US/pages/about_us
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/en-US/account/register
    • http://localhost:8080/en-US/blogs/news
    • http://localhost:8080/en-US/cart
    • ..
  • Vulnerable JS Library [10003] total: 4:
    • http://localhost:8080/lib/jquery/dist/jquery.js
    • http://localhost:8080/lib/bootstrap/dist/js/bootstrap.js
    • http://localhost:8080/en-US/themes/assets/static/bundle/scripts_dependencies.js?v=uJOYZpRmtKKIlK7lMNA5OBgdpI2_RBxzctFHQ8ntMHM
    • http://localhost:8080/B2B-store/themes/assets/static/bundle/dependencies.js?v=FUcb5dujV8tCGfkgrTf9sCDw8QkcFqNbVUPF0FG4Qqs
  • Information Disclosure - Suspicious Comments [10027] total: 2:
    • http://localhost:8080/B2B-store/
    • http://localhost:8080/B2B-store/
  • Storable and Cacheable Content [10049] total: 4:
    • http://localhost:8080/en-US/sitemap/vendor.xml
    • http://localhost:8080/en-US/sitemap/blog.xml
    • http://localhost:8080/en-US/sitemap/catalog.xml
    • http://localhost:8080/robots.txt
  • Storable but Non-Cacheable Content [10049] total: 1:
    • http://localhost:8080/sitemap.xml
  • Source Code Disclosure - SQL [10099] total: 1:
    • http://localhost:8080/B2B-store/themes/assets/static/bundle/dependencies.js?v=FUcb5dujV8tCGfkgrTf9sCDw8QkcFqNbVUPF0FG4Qqs

View the following link to download the report.
RunnerID:503790668

[mvktsk]

Task https://virtocommerce.atlassian.net/browse/VP-6724 has been created