Sha256: 1d7625193b4b02b9a12869578a2d2ddf8a8b1a6303df47d730adf7144c8170e6

Contents?: true

Size: 2 KB

Versions: 27

Compression:

Stored size: 2 KB

Contents

<vulnerability confirmed="False">
  <url>http://test.testlab.com:3000/</url>
  <type>MissingXssProtectionHeader</type>
  <severity>Information</severity>
  <certainty>100</certainty>
  ​<description><![CDATA[<p>Netsparker detected a missing <code>X-XSS-Protection</code> header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.</p>]]></description>
  <remedy><![CDATA[<div>Add the X-XSS-Protection header with a value of "1; mode= block".<ul><li><pre class="code">X-XSS-Protection: 1; mode=block</pre></li></ul></div>]]></remedy>

  <vulnerableparametertype>GET</vulnerableparametertype>
  <vulnerableparameter>value</vulnerableparameter>
  <vulnerableparametervalue>1;expr 268409241 - 85983;x</vulnerableparametervalue>
  <rawrequest><![CDATA[GET /javascripts/responsive.js HTTP/1.1
Host: test.testlab.com:3000
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Cookie: _redmine_session=V2tvR3dUZ
Accept-Encoding: gzip, deflate

]]></rawrequest>
  <rawresponse><![CDATA[HTTP/1.1 200 OK
Server: WEBrick/1.3.1 (Ruby/2.3.0/2015-12-25)
Connection: Keep-Alive
Content-Length: 2002
Last-Modified: Sun, 19 Jun 2016 12:47:24 GMT
Content-Type: application/javascript
Date: Wed, 08 Feb 2017 20:49:45 GMT

// generic layout specific responsive stuff goes here

function openFlyout() {
  $('html').addClass('flyout-is-active');
  $('#wrapper2').on('click', function(e){
    e.preventDefault();
    e.stopPropagation();
    closeFlyout();
  });
}
]]></rawresponse>
  <extrainformation></extrainformation>

  <proofs></proofs>


  <classification>
    <OWASP2013></OWASP2013>
    <WASC></WASC>
    <CWE></CWE>
    <CAPEC></CAPEC>
    <PCI31></PCI31>
    <PCI32></PCI32>
    <HIPAA>164.308(a)</HIPAA>
    <OWASPPC>C9</OWASPPC>
  </classification>

</vulnerability>

Version data entries

27 entries across 27 versions & 1 rubygems

Version Path
dradis-netsparker-4.15.0 templates/evidence.sample
dradis-netsparker-4.14.0 templates/evidence.sample
dradis-netsparker-4.13.0 templates/evidence.sample
dradis-netsparker-4.11.0 templates/evidence.sample
dradis-netsparker-4.10.0 templates/evidence.sample
dradis-netsparker-4.9.0 templates/evidence.sample
dradis-netsparker-4.8.0 templates/evidence.sample
dradis-netsparker-4.7.0 templates/evidence.sample
dradis-netsparker-4.6.0 templates/evidence.sample
dradis-netsparker-4.5.0 templates/evidence.sample
dradis-netsparker-4.4.0 templates/evidence.sample
dradis-netsparker-4.3.0 templates/evidence.sample
dradis-netsparker-4.2.0 templates/evidence.sample
dradis-netsparker-4.1.0 templates/evidence.sample
dradis-netsparker-4.0.1 templates/evidence.sample
dradis-netsparker-4.0.0 templates/evidence.sample
dradis-netsparker-3.22.1 templates/evidence.sample
dradis-netsparker-3.22.0 templates/evidence.sample
dradis-netsparker-3.21.0 templates/evidence.sample
dradis-netsparker-3.20.0 templates/evidence.sample