ZAP Scanning Report

Site: https://synapp-expertise-dev-v2.synapp.eu

Generated on Fri, 19 Jun 2026 06:26:44

ZAP Version: 2.17.0

ZAP by Checkmarx

Summary of Alerts

Risk Level        Number of Alerts
High              1
Medium            2
Low               6
Informational     6
False Positives   0

Summary of Sequences

For each step: result (Pass/Fail) - risk (of highest alert(s) for the step, if any).

Alerts

Name Risk Level Number of Instances
Vulnerable JS Library High 1
Content Security Policy (CSP) Header Not Set Medium Systemic
Sub Resource Integrity Attribute Missing Medium Systemic
Cross-Domain JavaScript Source File Inclusion Low Systemic
Cross-Origin-Embedder-Policy Header Missing or Invalid Low 2
Cross-Origin-Opener-Policy Header Missing or Invalid Low 2
Cross-Origin-Resource-Policy Header Missing or Invalid Low 5
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Low Systemic
Timestamp Disclosure - Unix Low Systemic
Content-Type Header Missing Informational 1
Modern Web Application Informational Systemic
Non-Storable Content Informational 2
Re-examine Cache-control Directives Informational Systemic
Storable and Cacheable Content Informational Systemic
Storable but Non-Cacheable Content Informational 2

Alert Detail

High
Vulnerable JS Library
Description
The identified library appears to be vulnerable.
URL https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Node Name https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Method GET
Parameter
Attack
Evidence return"[Axios v1.6.8] Transitional
Other Info
The identified library axios, version 1.6.8 is vulnerable.

CVE-2025-62718

CVE-2025-27152

CVE-2025-58754

CVE-2026-42041

CVE-2026-42040

CVE-2026-42039

CVE-2026-42034

CVE-2026-40175

CVE-2026-42033

CVE-2026-42038

CVE-2026-44495

CVE-2026-42037

CVE-2026-44496

CVE-2026-42036

CVE-2026-42035

CVE-2026-44492

CVE-2026-44494

CVE-2024-39338

CVE-2026-44490

CVE-2026-25639

CVE-2026-42044

CVE-2026-42264

CVE-2026-42043

CVE-2026-42042

CVE-2026-44486

CVE-2026-44487

https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf

https://github.com/axios/axios/issues/6463

https://github.com/axios/axios/security/advisories/GHSA-vf2m-468p-8v99

https://github.com/axios/axios/security/advisories/GHSA-xhjh-pmcv-23jw

https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v

https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57

https://github.com/axios/axios/pull/10661

https://github.com/axios/axios/pull/10660

https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df

https://github.com/axios/axios/releases/tag/v1.12.0

https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7

https://github.com/axios/axios/pull/7369

https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433

https://github.com/axios/axios/releases

https://github.com/axios/axios/releases/tag/v1.16.0

https://github.com/axios/axios/releases/tag/v1.8.2

https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh

https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5

https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9

https://github.com/axios/axios/security/advisories/GHSA-m7pr-hjqh-92cm

https://github.com/axios/axios/security/advisories/GHSA-q8qp-cvcw-x6jj

https://github.com/advisories/GHSA-8hc4-vh64-cxmj

https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593

https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23

https://github.com/axios/axios/releases/tag/v1.13.5

https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw

https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9

https://github.com/axios/axios/releases/tag/v0.32.0

https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a

https://github.com/axios/axios/releases/tag/v0.30.3

https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f

https://github.com/axios/axios/pull/6543

https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv

https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html

https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc

https://github.com/axios/axios/pull/6539

https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2

https://github.com/axios/axios/security/advisories/GHSA-445q-vr5w-6q77

https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e

https://github.com/advisories/GHSA-jr5f-v2jv-69x6

https://github.com/axios/axios/pull/7388

https://github.com/axios/axios/releases/tag/v1.15.0

https://github.com/axios/axios/security/advisories/GHSA-898c-q2cr-xwhg

https://github.com/axios/axios/releases/tag/v1.7.4

https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj

https://datatracker.ietf.org/doc/html/rfc1034#section-3.1

https://github.com/axios/axios/pull/10794

https://github.com/axios/axios/commit/afca61a070728e717203c2bc21e7b589b59b858b

https://nvd.nist.gov/vuln/detail/CVE-2024-39338

https://github.com/axios/axios

https://github.com/axios/axios/security/advisories/GHSA-5c9x-8gcm-mpgx

https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf

https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63

https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6

https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1

https://nvd.nist.gov/vuln/detail/CVE-2025-27152

https://github.com/axios/axios/pull/7011

https://github.com/axios/axios/security/advisories/GHSA-xx6v-rp6x-q39c
Instances 1
Solution
Upgrade to the latest version of the affected library.
Reference https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
CWE Id 1395
WASC Id
Plugin Id 10003
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://synapp-expertise-dev-v2.synapp.eu/
Node Name https://synapp-expertise-dev-v2.synapp.eu/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/api/
Node Name https://synapp-expertise-dev-v2.synapp.eu/api/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Node Name https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory
Method GET
Parameter
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory/user-directory
Method GET
Parameter
Attack
Evidence
Other Info
Instances Systemic
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://www.w3.org/TR/CSP/
https://w3c.github.io/webappsec-csp/
https://web.dev/articles/csp
https://caniuse.com/#feat=contentsecuritypolicy
https://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Sub Resource Integrity Attribute Missing
Description
The integrity attribute is missing on a script or link tag that loads a resource from an external server. The integrity attribute prevents an attacker who has gained access to that server from injecting malicious content into the page.
URL https://synapp-expertise-dev-v2.synapp.eu/
Node Name https://synapp-expertise-dev-v2.synapp.eu/
Method GET
Parameter
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/api/
Node Name https://synapp-expertise-dev-v2.synapp.eu/api/
Method GET
Parameter
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Node Name https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Method GET
Parameter
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/platform-capabilities
Node Name https://synapp-expertise-dev-v2.synapp.eu/platform-capabilities
Method GET
Parameter
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/security
Node Name https://synapp-expertise-dev-v2.synapp.eu/security
Method GET
Parameter
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
Instances Systemic
Solution
Provide a valid integrity attribute to the tag.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
CWE Id 345
WASC Id 15
Plugin Id 90003
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL https://synapp-expertise-dev-v2.synapp.eu/
Node Name https://synapp-expertise-dev-v2.synapp.eu/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/api/
Node Name https://synapp-expertise-dev-v2.synapp.eu/api/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Node Name https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/platform-capabilities
Node Name https://synapp-expertise-dev-v2.synapp.eu/platform-capabilities
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/security
Node Name https://synapp-expertise-dev-v2.synapp.eu/security
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=G-DVHYQKD0VM"></script>
Other Info
Instances Systemic
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Cross-Origin-Embedder-Policy Header Missing or Invalid
Description
The Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that do not explicitly grant the document permission (using CORP or CORS).
URL https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Node Name https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Method GET
Parameter Cross-Origin-Embedder-Policy
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory
Method GET
Parameter Cross-Origin-Embedder-Policy
Attack
Evidence
Other Info
Instances 2
Solution
Ensure that the application/web server sets the Cross-Origin-Embedder-Policy header appropriately, and that it sets the Cross-Origin-Embedder-Policy header to 'require-corp' for documents.

If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Embedder-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy).
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
CWE Id 693
WASC Id 14
Plugin Id 90004
Low
Cross-Origin-Opener-Policy Header Missing or Invalid
Description
The Cross-Origin-Opener-Policy header is a response header that allows a site to control whether other included documents share the same browsing context. Sharing a browsing context with untrusted documents might lead to data leakage.
URL https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Node Name https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Method GET
Parameter Cross-Origin-Opener-Policy
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory
Method GET
Parameter Cross-Origin-Opener-Policy
Attack
Evidence
Other Info
Instances 2
Solution
Ensure that the application/web server sets the Cross-Origin-Opener-Policy header appropriately, and that it sets the Cross-Origin-Opener-Policy header to 'same-origin' for documents.

'same-origin-allow-popups' is considered less secure and should be avoided.

If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Opener-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-opener-policy).
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
CWE Id 693
WASC Id 14
Plugin Id 90004
Low
Cross-Origin-Resource-Policy Header Missing or Invalid
Description
The Cross-Origin-Resource-Policy header is an opt-in header designed to counter side-channel attacks such as Spectre. Resources must be explicitly marked as shareable before other origins may load them.
URL https://synapp-expertise-dev-v2.synapp.eu/_next/static/media/504f699ce71abd8b-s.p.woff2
Node Name https://synapp-expertise-dev-v2.synapp.eu/_next/static/media/504f699ce71abd8b-s.p.woff2
Method GET
Parameter Cross-Origin-Resource-Policy
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/_next/static/media/ee40bb094c99a29a-s.p.woff2
Node Name https://synapp-expertise-dev-v2.synapp.eu/_next/static/media/ee40bb094c99a29a-s.p.woff2
Method GET
Parameter Cross-Origin-Resource-Policy
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/robots.txt
Node Name https://synapp-expertise-dev-v2.synapp.eu/robots.txt
Method GET
Parameter Cross-Origin-Resource-Policy
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Node Name https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Method GET
Parameter Cross-Origin-Resource-Policy
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory
Method GET
Parameter Cross-Origin-Resource-Policy
Attack
Evidence
Other Info
Instances 5
Solution
Ensure that the application/web server sets the Cross-Origin-Resource-Policy header appropriately, and that it sets the Cross-Origin-Resource-Policy header to 'same-origin' for all web pages.

'same-site' is considered less secure and should be avoided.

If resources must be shared, set the header to 'cross-origin'.

If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Resource-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-resource-policy).
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
CWE Id 693
WASC Id 14
Plugin Id 90004
Low
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Description
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory
Method GET
Parameter
Attack
Evidence X-Powered-By: Next.js
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory/doctor/charles
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory/doctor/charles
Method GET
Parameter
Attack
Evidence X-Powered-By: Next.js
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory/doctor/james-azmet
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory/doctor/james-azmet
Method GET
Parameter
Attack
Evidence X-Powered-By: Next.js
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory/doctor/zenon-krist-23232
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory/doctor/zenon-krist-23232
Method GET
Parameter
Attack
Evidence X-Powered-By: Next.js
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory/user-directory
Method GET
Parameter
Attack
Evidence X-Powered-By: Next.js
Other Info
Instances Systemic
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
Reference https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
CWE Id 497
WASC Id 13
Plugin Id 10037
Low
Timestamp Disclosure - Unix
Description
A Unix timestamp was disclosed by the application/web server.
URL https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Node Name https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Method GET
Parameter
Attack
Evidence 1521486534
Other Info
1521486534, which evaluates to: 2018-03-19 19:08:54.
URL https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Node Name https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Method GET
Parameter
Attack
Evidence 1541459225
Other Info
1541459225, which evaluates to: 2018-11-05 23:07:05.
URL https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Node Name https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Method GET
Parameter
Attack
Evidence 1694144372
Other Info
1694144372, which evaluates to: 2023-09-08 03:39:32.
URL https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Node Name https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Method GET
Parameter
Attack
Evidence 1779033703
Other Info
1779033703, which evaluates to: 2026-05-17 16:01:43.
URL https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Node Name https://synapp-expertise-dev-v2.synapp.eu/static/js/main.81bf9e71.js
Method GET
Parameter
Attack
Evidence 1899447441
Other Info
1899447441, which evaluates to: 2030-03-11 08:17:21.
Instances Systemic
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference https://cwe.mitre.org/data/definitions/200.html
CWE Id 497
WASC Id 13
Plugin Id 10096
Informational
Content-Type Header Missing
Description
The Content-Type header was either missing or empty.
URL https://synapp-expertise-dev-v2.synapp.eu/doctor/
Node Name https://synapp-expertise-dev-v2.synapp.eu/doctor/
Method GET
Parameter content-type
Attack
Evidence
Other Info
Instances 1
Solution
Ensure each page is setting the specific and appropriate content-type value for the content being delivered.
Reference https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)
CWE Id 345
WASC Id 12
Plugin Id 10019
Informational
Modern Web Application
Description
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
URL https://synapp-expertise-dev-v2.synapp.eu/
Node Name https://synapp-expertise-dev-v2.synapp.eu/
Method GET
Parameter
Attack
Evidence <script type="text/javascript">window.heapReadyCb=window.heapReadyCb||[],window.heap=window.heap||[],heap.load=function(e,a){window.heap.envId=e,window.heap.clientConfig=a=a||{},window.heap.clientConfig.shouldFetchServerConfig=!1;var r=document.createElement("script");r.type="text/javascript",r.async=!0,r.src="https://cdn.us.heap-api.com/config/"+e+"/heap_config.js";var t=document.getElementsByTagName("script")[0];t.parentNode.insertBefore(r,t);for(var n=["init","startTracking","stopTracking","track","resetIdentity","identify","getSessionId","getUserId","getIdentity","addUserProperties","addEventProperties","removeEventProperty","clearEventProperties","addAccountProperties","addAdapter","addTransformer","addTransformerFn","onReady","addPageviewProperties","removePageviewProperty","clearPageviewProperties","trackPageview"],i=function(e){return function(){var a=Array.prototype.slice.call(arguments,0);window.heapReadyCb.push({name:e,fn:function(){heap[e]&&heap[e].apply(heap,a)}})}},o=0;o<n.length;o++)heap[n[o]]=i(n[o])},heap.load("3712126961")</script>
Other Info
No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://synapp-expertise-dev-v2.synapp.eu/api/
Node Name https://synapp-expertise-dev-v2.synapp.eu/api/
Method GET
Parameter
Attack
Evidence <script type="text/javascript">window.heapReadyCb=window.heapReadyCb||[],window.heap=window.heap||[],heap.load=function(e,a){window.heap.envId=e,window.heap.clientConfig=a=a||{},window.heap.clientConfig.shouldFetchServerConfig=!1;var r=document.createElement("script");r.type="text/javascript",r.async=!0,r.src="https://cdn.us.heap-api.com/config/"+e+"/heap_config.js";var t=document.getElementsByTagName("script")[0];t.parentNode.insertBefore(r,t);for(var n=["init","startTracking","stopTracking","track","resetIdentity","identify","getSessionId","getUserId","getIdentity","addUserProperties","addEventProperties","removeEventProperty","clearEventProperties","addAccountProperties","addAdapter","addTransformer","addTransformerFn","onReady","addPageviewProperties","removePageviewProperty","clearPageviewProperties","trackPageview"],i=function(e){return function(){var a=Array.prototype.slice.call(arguments,0);window.heapReadyCb.push({name:e,fn:function(){heap[e]&&heap[e].apply(heap,a)}})}},o=0;o<n.length;o++)heap[n[o]]=i(n[o])},heap.load("3712126961")</script>
Other Info
No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Node Name https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Method GET
Parameter
Attack
Evidence <script type="text/javascript">window.heapReadyCb=window.heapReadyCb||[],window.heap=window.heap||[],heap.load=function(e,a){window.heap.envId=e,window.heap.clientConfig=a=a||{},window.heap.clientConfig.shouldFetchServerConfig=!1;var r=document.createElement("script");r.type="text/javascript",r.async=!0,r.src="https://cdn.us.heap-api.com/config/"+e+"/heap_config.js";var t=document.getElementsByTagName("script")[0];t.parentNode.insertBefore(r,t);for(var n=["init","startTracking","stopTracking","track","resetIdentity","identify","getSessionId","getUserId","getIdentity","addUserProperties","addEventProperties","removeEventProperty","clearEventProperties","addAccountProperties","addAdapter","addTransformer","addTransformerFn","onReady","addPageviewProperties","removePageviewProperty","clearPageviewProperties","trackPageview"],i=function(e){return function(){var a=Array.prototype.slice.call(arguments,0);window.heapReadyCb.push({name:e,fn:function(){heap[e]&&heap[e].apply(heap,a)}})}},o=0;o<n.length;o++)heap[n[o]]=i(n[o])},heap.load("3712126961")</script>
Other Info
No links have been found while there are scripts, which is an indication that this is a modern web application.
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory
Method GET
Parameter
Attack
Evidence <a href="#" class="SiteFooter_socialLink__PpjDy" aria-label="Twitter"><svg width="18" height="18" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"></path></svg></a>
Other Info
Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory/user-directory
Method GET
Parameter
Attack
Evidence <a href="#" class="SiteFooter_socialLink__PpjDy" aria-label="Twitter"><svg width="18" height="18" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"></path></svg></a>
Other Info
Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
Instances Systemic
Solution
This is an informational alert and so no changes are required.
Reference
CWE Id
WASC Id
Plugin Id 10109
Informational
Non-Storable Content
Description
The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance.
URL https://synapp-expertise-dev-v2.synapp.eu/doctor/
Node Name https://synapp-expertise-dev-v2.synapp.eu/doctor/
Method GET
Parameter
Attack
Evidence 308
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/user-directory
Node Name https://synapp-expertise-dev-v2.synapp.eu/user-directory
Method GET
Parameter
Attack
Evidence no-store
Other Info
Instances 2
Solution
The content may be marked as storable by ensuring that the following conditions are satisfied:

The request method must be understood by the cache and defined as being cacheable ("GET", "HEAD", and "POST" are currently defined as cacheable)

The response status code must be understood by the cache (one of the 1XX, 2XX, 3XX, 4XX, or 5XX response classes are generally understood)

The "no-store" cache directive must not appear in the request or response header fields

For caching by "shared" caches such as "proxy" caches, the "private" response directive must not appear in the response

For caching by "shared" caches such as "proxy" caches, the "Authorization" header field must not appear in the request, unless the response explicitly allows it (using one of the "must-revalidate", "public", or "s-maxage" Cache-Control response directives)

In addition to the conditions above, at least one of the following conditions must also be satisfied by the response:

It must contain an "Expires" header field

It must contain a "max-age" response directive

For "shared" caches such as "proxy" caches, it must contain a "s-maxage" response directive

It must contain a "Cache Control Extension" that allows it to be cached

It must have a status code that is defined as cacheable by default (200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501).
Reference https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
CWE Id 524
WASC Id 13
Plugin Id 10049
Informational
Re-examine Cache-control Directives
Description
The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.
URL https://synapp-expertise-dev-v2.synapp.eu/
Node Name https://synapp-expertise-dev-v2.synapp.eu/
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/api/
Node Name https://synapp-expertise-dev-v2.synapp.eu/api/
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/manifest.json
Node Name https://synapp-expertise-dev-v2.synapp.eu/manifest.json
Method GET
Parameter cache-control
Attack
Evidence
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/robots.txt
Node Name https://synapp-expertise-dev-v2.synapp.eu/robots.txt
Method GET
Parameter cache-control
Attack
Evidence public, max-age=0, must-revalidate
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Node Name https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Method GET
Parameter cache-control
Attack
Evidence public, max-age=0, must-revalidate
Other Info
Instances Systemic
Solution
For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
Reference https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control
https://grayduck.mn/2021/09/13/cache-control-recommendations/
CWE Id 525
WASC Id 13
Plugin Id 10015
Informational
Storable and Cacheable Content
Description
The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where "shared" caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
URL https://synapp-expertise-dev-v2.synapp.eu/
Node Name https://synapp-expertise-dev-v2.synapp.eu/
Method GET
Parameter
Attack
Evidence
Other Info
In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.
URL https://synapp-expertise-dev-v2.synapp.eu/api/
Node Name https://synapp-expertise-dev-v2.synapp.eu/api/
Method GET
Parameter
Attack
Evidence
Other Info
In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.
URL https://synapp-expertise-dev-v2.synapp.eu/favicon.ico
Node Name https://synapp-expertise-dev-v2.synapp.eu/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.
URL https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Node Name https://synapp-expertise-dev-v2.synapp.eu/logo192.png
Method GET
Parameter
Attack
Evidence
Other Info
In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.
URL https://synapp-expertise-dev-v2.synapp.eu/manifest.json
Node Name https://synapp-expertise-dev-v2.synapp.eu/manifest.json
Method GET
Parameter
Attack
Evidence
Other Info
In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.
Instances Systemic
Solution
Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:

Cache-Control: no-cache, no-store, must-revalidate, private

Pragma: no-cache

Expires: 0

This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.
Reference https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
CWE Id 524
WASC Id 13
Plugin Id 10049
Informational
Storable but Non-Cacheable Content
Description
The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.
URL https://synapp-expertise-dev-v2.synapp.eu/robots.txt
Node Name https://synapp-expertise-dev-v2.synapp.eu/robots.txt
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
URL https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Node Name https://synapp-expertise-dev-v2.synapp.eu/sitemap.xml
Method GET
Parameter
Attack
Evidence max-age=0
Other Info
Instances 2
Solution
Reference https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
CWE Id 524
WASC Id 13
Plugin Id 10049

Sequence Details

With the associated active scan results.