ZAP Full Scan Report

[github-actions]

• Site: https://localhost

• Site: http://localhost:8080
  New Alerts

  • Anti-CSRF Tokens Check [20012] total: 5:
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/myprofile
    • http://localhost:8080/schedule-service
    • http://localhost:8080/scheduled-services
  • SQL Injection [40018] total: 1:
    • http://localhost:8080/schedule-service
  • Content Security Policy (CSP) Header Not Set [10038] total: 8:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/myprofile
    • ..
  • HTTP Only Site [10106] total: 1:
    • http://localhost:8080/perform-login
  • Absence of Anti-CSRF Tokens [10202] total: 5:
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/myprofile
    • http://localhost:8080/schedule-service
    • http://localhost:8080/scheduled-services
  • Application Error Disclosure [90022] total: 1:
    • http://localhost:8080/register-totp
  • Cookie No HttpOnly Flag [10010] total: 1:
    • http://localhost:8080/cars?id=1
  • Cookie Slack Detector [90027] total: 13:
    • http://localhost:8080/cars?id=1
    • http://localhost:8080/confirm-service-1?id=1
    • http://localhost:8080/login
    • http://localhost:8080/login?error
    • http://localhost:8080/logout
    • ..
  • Cookie without SameSite Attribute [10054] total: 1:
    • http://localhost:8080/cars?id=1
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 6:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/myprofile
    • http://localhost:8080/persons
    • http://localhost:8080/schedule-service
    • ..
  • Information Disclosure - Debug Error Messages [10023] total: 1:
    • http://localhost:8080/register-totp
  • Timestamp Disclosure - Unix [10096] total: 1:
    • http://localhost:8080/register-totp
  • Cookie Slack Detector [90027] total: 9:
    • http://localhost:8080
    • http://localhost:8080/cars
    • http://localhost:8080/myprofile
    • http://localhost:8080/persons
    • http://localhost:8080/register-totp
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 2:
    • http://localhost:8080
    • http://localhost:8080/cars
  • Loosely Scoped Cookie [90033] total: 2:
    • http://localhost:8080/cars?id=1
    • http://localhost:8080/logout
  • Modern Web Application [10109] total: 2:
    • http://localhost:8080/login
    • http://localhost:8080/login?error
  • Possible Username Enumeration [40023] total: 1:
    • http://localhost:8080/perform-login
  • User Agent Fuzzer [10104] total: 140:
    • http://localhost:8080
    • http://localhost:8080
    • http://localhost:8080
    • http://localhost:8080
    • http://localhost:8080
    • ..

View the following link to download the report.
RunnerID:1500679506