ZAP Scan Baseline Report

[github-actions]

• Site: http://localhost:8090
  New Alerts
  • Absence of Anti-CSRF Tokens [10202] total: 4:
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
  • CSP: Wildcard Directive [10055] total: 2:
    • http://localhost:8090
    • http://localhost:8090/
  • CSP: script-src unsafe-inline [10055] total: 2:
    • http://localhost:8090
    • http://localhost:8090/
  • CSP: style-src unsafe-inline [10055] total: 2:
    • http://localhost:8090
    • http://localhost:8090/
  • Sub Resource Integrity Attribute Missing [90003] total: 2:
    • http://localhost:8090
    • http://localhost:8090/
  • Vulnerable JS Library [10003] total: 1:
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
  • Cross-Domain JavaScript Source File Inclusion [10017] total: 2:
    • http://localhost:8090
    • http://localhost:8090/
  • Dangerous JS Functions [10110] total: 3:
    • http://localhost:8090/dist/app.js?v=QF6xfChRmaqOPQQ-xq2lmr8Z6np7Zhe0byu81CKU3BQ
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
    • http://localhost:8090/modules/$(VirtoCommerce.Notifications)/dist/app.js?v=6sp6rNwvmz_u-75Dn_edrEvP031BJ3bcFrOOdl0dw-c
  • Permissions Policy Header Not Set [10063] total: 11:
    • http://localhost:8090
    • http://localhost:8090/
    • http://localhost:8090/modules/$(VirtoCommerce.Assets)/dist/app.js?v=ofhnrHdem1Z7XLNx-hWL3xUCPnnMgVy4B6WqnwVT7IE
    • http://localhost:8090/modules/$(VirtoCommerce.BulkActionsModule)/dist/app.js?v=bx2WCaYbo0S7frA5b2VtDkxui4XLMmhsAYoa_v7Q3OA
    • http://localhost:8090/modules/$(VirtoCommerce.Core)/dist/app.js?v=Wc4gtjHxlmslOXRbJBwSk8_bnCgAxfeLRNxPFBtfgtk
    • ..
  • Timestamp Disclosure - Unix [10096] total: 1:
    • http://localhost:8090/modules/$(VirtoCommerce.Notifications)/dist/app.js?v=6sp6rNwvmz_u-75Dn_edrEvP031BJ3bcFrOOdl0dw-c
  • Base64 Disclosure [10094] total: 5:
    • http://localhost:8090
    • http://localhost:8090/
    • http://localhost:8090/dist/app.js?v=QF6xfChRmaqOPQQ-xq2lmr8Z6np7Zhe0byu81CKU3BQ
    • http://localhost:8090/dist/style.css?v=4MNPEhxT-XQ_jHrn42WfnPM3R01F9_f0lzFOpe3t1Lk
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
  • Information Disclosure - Suspicious Comments [10027] total: 11:
    • http://localhost:8090
    • http://localhost:8090/
    • http://localhost:8090/dist/app.js?v=QF6xfChRmaqOPQQ-xq2lmr8Z6np7Zhe0byu81CKU3BQ
    • http://localhost:8090/dist/vendor.js?v=V-x68OFoHpxSGEX1YxRFN3MoEWOewY9CxoEMQpZr4kE
    • http://localhost:8090/modules/$(VirtoCommerce.Assets)/dist/app.js?v=ofhnrHdem1Z7XLNx-hWL3xUCPnnMgVy4B6WqnwVT7IE
    • ..
  • Modern Web Application [10109] total: 2:
    • http://localhost:8090
    • http://localhost:8090/
  • Sec-Fetch-Dest Header is Missing [90005] total: 2:
    • http://localhost:8090
    • http://localhost:8090/sitemap.xml
  • Sec-Fetch-Mode Header is Missing [90005] total: 2:
    • http://localhost:8090
    • http://localhost:8090/sitemap.xml
  • Sec-Fetch-Site Header is Missing [90005] total: 2:
    • http://localhost:8090
    • http://localhost:8090/sitemap.xml
  • Sec-Fetch-User Header is Missing [90005] total: 2:
    • http://localhost:8090
    • http://localhost:8090/sitemap.xml
  • Storable and Cacheable Content [10049] total: 11:
    • http://localhost:8090
    • http://localhost:8090/
    • http://localhost:8090/favicon.ico
    • http://localhost:8090/modules/$(VirtoCommerce.Catalog)/dist/style.css?v=Z_wcrI_74CPpGEznTeEexg7SU5lYBVj53SZZ2ZjvZ40
    • http://localhost:8090/modules/$(VirtoCommerce.Core)/dist/style.css?v=JxV59GTG-OlnR0vCng7qmL0bUL_hI5YdQOSjYMpqEsw
    • ..

View the following link to download the report.
RunnerID:6009076720

[mvktsk]

Task https://virtocommerce.atlassian.net/browse/VP-8433 has been created

[github-actions]

• Site: http://localhost:8090
  Resolved Alerts
  • Vulnerable JS Library [10003] total: 1:

View the following link to download the report.
RunnerID:6271649554

[github-actions]

• Site: http://localhost:8090
  Resolved Alerts
  • Absence of Anti-CSRF Tokens [10202] total: 4:

View the following link to download the report.
RunnerID:6507370212