ZAP Full Scan Report

[github-actions]

• Site: https://qa.mavistesting.com
  New Alerts
  • Content Security Policy (CSP) Header Not Set [10038] total: 4:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Proxy Disclosure [40025] total: 20:
    • https://qa.mavistesting.com
    • https://qa.mavistesting.com/
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/assets
    • https://qa.mavistesting.com/assets/application
    • ..
  • Application Error Disclosure [90022] total: 1:
    • https://qa.mavistesting.com/sitemap.xml
  • Cookie Slack Detector [90027] total: 11:
    • https://qa.mavistesting.com/assets
    • https://qa.mavistesting.com/assets/application
    • https://qa.mavistesting.com/assets/application-6aabb0a3.css
    • https://qa.mavistesting.com/assets/application-d784cb1e.js
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • ..
  • Cookie without SameSite Attribute [10054] total: 6:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • ..
  • Information Disclosure - Debug Error Messages [10023] total: 1:
    • https://qa.mavistesting.com/sitemap.xml
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 9:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • https://qa.mavistesting.com/assets/icon-mask-aa290807.svg
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • ..
  • Permissions Policy Header Not Set [10063] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/assets/application-d784cb1e.js
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Timestamp Disclosure - Unix [10096] total: 1:
    • https://qa.mavistesting.com/assets/application-6aabb0a3.css
  • X-Content-Type-Options Header Missing [10021] total: 7:
    • https://qa.mavistesting.com/assets/application-6aabb0a3.css
    • https://qa.mavistesting.com/assets/application-d784cb1e.js
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • ..
  • Authentication Request Identified [10111] total: 1:
    • https://qa.mavistesting.com/users/sign-in
  • Cookie Slack Detector [90027] total: 4:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/manifest
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
  • Information Disclosure - Suspicious Comments [10027] total: 1:
    • https://qa.mavistesting.com/assets/application-d784cb1e.js
  • Non-Storable Content [10049] total: 5:
    • https://qa.mavistesting.com/
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • https://qa.mavistesting.com/sitemap.xml
    • https://qa.mavistesting.com/start
  • Re-examine Cache-control Directives [10015] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • https://qa.mavistesting.com/robots.txt
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
  • Session Management Response Identified [10112] total: 6:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • ..
  • Storable and Cacheable Content [10049] total: 5:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • https://qa.mavistesting.com/assets/icon-mask-aa290807.svg
    • https://qa.mavistesting.com/robots.txt
  • User Agent Fuzzer [10104] total: 132:
    • https://qa.mavistesting.com
    • https://qa.mavistesting.com
    • https://qa.mavistesting.com
    • https://qa.mavistesting.com
    • https://qa.mavistesting.com
    • ..

View the following link to download the report.
RunnerID:17947727963

---

ZAP by Checkmarx

[github-actions]

• Site: https://qa.mavistesting.com
  New Alerts
  • Modern Web Application [10109] total: 1:
    • https://qa.mavistesting.com/users/sign-in
  • Possible Username Enumeration [40023] total: 3:
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Retrieved from Cache [10050] total: 6:
    • https://qa.mavistesting.com/assets/application-6aabb0a3.css
    • https://qa.mavistesting.com/assets/application-d784cb1e.js
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • ..

View the following link to download the report.
RunnerID:17951592952

[github-actions]

• Site: https://tracking-protection.cdn.mozilla.net
  New Alerts

  • Server Leaks Version Information via "Server" HTTP Response Header Field [10036] total: 1:
    • https://tracking-protection.cdn.mozilla.net/ads-track-digest256/128.0/1754651396
  • Strict-Transport-Security Header Not Set [10035] total: 1:
    • https://tracking-protection.cdn.mozilla.net/ads-track-digest256/128.0/1754651396
  • Timestamp Disclosure - Unix [10096] total: 1:
    • https://tracking-protection.cdn.mozilla.net/ads-track-digest256/128.0/1754651396
  • X-Content-Type-Options Header Missing [10021] total: 1:
    • https://tracking-protection.cdn.mozilla.net/ads-track-digest256/128.0/1754651396
  • Retrieved from Cache [10050] total: 1:
    • https://tracking-protection.cdn.mozilla.net/ads-track-digest256/128.0/1754651396

• Site: https://qa.mavistesting.com
  New Alerts

  • Session ID Expiry Time/Max-Age is Excessive [40013] total: 1:
    • https://qa.mavistesting.com/users/sign-in
  • Session Fixation [40013] total: 1:
    • https://qa.mavistesting.com/users/sign-in

View the following link to download the report.
RunnerID:17952562260

[github-actions]

• Site: https://qa.mavistesting.com
  Resolved Alerts
  • Session ID Expiry Time/Max-Age is Excessive [40013] total: 1:
  • Modern Web Application [10109] total: 1:
  • Possible Username Enumeration [40023] total: 4:
  • Session Fixation [40013] total: 1:

View the following link to download the report.
RunnerID:17953388235

[github-actions]

• Site: https://qa.mavistesting.com
  New Alerts

  • Hidden File Found [40035] total: 3:
    • https://qa.mavistesting.com/._darcs
    • https://qa.mavistesting.com/.bzr
    • https://qa.mavistesting.com/.hg

  Resolved Alerts

  • Content Security Policy (CSP) Header Not Set [10038] total: 4:
  • Application Error Disclosure [90022] total: 1:
  • Cookie Slack Detector [90027] total: 12:
  • Cookie without SameSite Attribute [10054] total: 6:
  • Information Disclosure - Debug Error Messages [10023] total: 1:
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 9:
  • Permissions Policy Header Not Set [10063] total: 5:
  • Timestamp Disclosure - Unix [10096] total: 1:
  • X-Content-Type-Options Header Missing [10021] total: 7:
  • Authentication Request Identified [10111] total: 1:
  • Cookie Slack Detector [90027] total: 3:
  • Information Disclosure - Suspicious Comments [10027] total: 1:
  • Non-Storable Content [10049] total: 5:
  • Re-examine Cache-control Directives [10015] total: 5:
  • Retrieved from Cache [10050] total: 7:
  • Session Management Response Identified [10112] total: 6:
  • Storable and Cacheable Content [10049] total: 5:

View the following link to download the report.
RunnerID:18831471856

[github-actions]

• Site: https://qa.mavistesting.com
  New Alerts

  • Content Security Policy (CSP) Header Not Set [10038] total: 4:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Application Error Disclosure [90022] total: 1:
    • https://qa.mavistesting.com/sitemap.xml
  • Cookie Slack Detector [90027] total: 12:
    • https://qa.mavistesting.com/assets
    • https://qa.mavistesting.com/assets/application
    • https://qa.mavistesting.com/assets/application-281d0140.css
    • https://qa.mavistesting.com/assets/application-5b95b609.js
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • ..
  • Cookie without SameSite Attribute [10054] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Information Disclosure - Debug Error Messages [10023] total: 1:
    • https://qa.mavistesting.com/sitemap.xml
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 9:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • https://qa.mavistesting.com/assets/icon-mask-aa290807.svg
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • ..
  • Permissions Policy Header Not Set [10063] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/assets/application-5b95b609.js
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Timestamp Disclosure - Unix [10096] total: 1:
    • https://qa.mavistesting.com/assets/application-281d0140.css
  • X-Content-Type-Options Header Missing [10021] total: 7:
    • https://qa.mavistesting.com/assets/application-281d0140.css
    • https://qa.mavistesting.com/assets/application-5b95b609.js
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • ..
  • Authentication Request Identified [10111] total: 1:
    • https://qa.mavistesting.com/users/sign-in
  • Cookie Slack Detector [90027] total: 3:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/manifest
    • https://qa.mavistesting.com/start
  • Information Disclosure - Suspicious Comments [10027] total: 1:
    • https://qa.mavistesting.com/assets/application-5b95b609.js
  • Non-Storable Content [10049] total: 4:
    • https://qa.mavistesting.com/
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/sitemap.xml
    • https://qa.mavistesting.com/start
  • Re-examine Cache-control Directives [10015] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • https://qa.mavistesting.com/robots.txt
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
  • Retrieved from Cache [10050] total: 1:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
  • Session Management Response Identified [10112] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Storable and Cacheable Content [10049] total: 6:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • https://qa.mavistesting.com/assets/icon-mask-aa290807.svg
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • ..

  Resolved Alerts

  • Hidden File Found [40035] total: 3:

View the following link to download the report.
RunnerID:19025418172

[github-actions]

• Site: https://qa.mavistesting.com
  Resolved Alerts
  • Content Security Policy (CSP) Header Not Set [10038] total: 4:
  • Application Error Disclosure [90022] total: 1:
  • Cookie Slack Detector [90027] total: 12:
  • Cookie without SameSite Attribute [10054] total: 5:
  • Information Disclosure - Debug Error Messages [10023] total: 1:
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 9:
  • Permissions Policy Header Not Set [10063] total: 5:
  • Timestamp Disclosure - Unix [10096] total: 1:
  • X-Content-Type-Options Header Missing [10021] total: 7:
  • Authentication Request Identified [10111] total: 1:
  • Cookie Slack Detector [90027] total: 3:
  • Information Disclosure - Suspicious Comments [10027] total: 1:
  • Non-Storable Content [10049] total: 4:
  • Re-examine Cache-control Directives [10015] total: 5:
  • Retrieved from Cache [10050] total: 1:
  • Session Management Response Identified [10112] total: 5:
  • Storable and Cacheable Content [10049] total: 6:

View the following link to download the report.
RunnerID:19222284360

[github-actions]

• Site: https://qa.mavistesting.com
  New Alerts
  • Content Security Policy (CSP) Header Not Set [10038] total: 4:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Application Error Disclosure [90022] total: 1:
    • https://qa.mavistesting.com/sitemap.xml
  • Cookie Slack Detector [90027] total: 13:
    • https://qa.mavistesting.com/assets
    • https://qa.mavistesting.com/assets/application
    • https://qa.mavistesting.com/assets/application-281d0140.css
    • https://qa.mavistesting.com/assets/application-5b95b609.js
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • ..
  • Cookie without SameSite Attribute [10054] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Information Disclosure - Debug Error Messages [10023] total: 1:
    • https://qa.mavistesting.com/sitemap.xml
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 9:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • https://qa.mavistesting.com/assets/icon-mask-aa290807.svg
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • ..
  • Permissions Policy Header Not Set [10063] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/assets/application-5b95b609.js
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Timestamp Disclosure - Unix [10096] total: 1:
    • https://qa.mavistesting.com/assets/application-281d0140.css
  • X-Content-Type-Options Header Missing [10021] total: 7:
    • https://qa.mavistesting.com/assets/application-281d0140.css
    • https://qa.mavistesting.com/assets/application-5b95b609.js
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • ..
  • Authentication Request Identified [10111] total: 1:
    • https://qa.mavistesting.com/users/sign-in
  • Cookie Slack Detector [90027] total: 2:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/start
  • Information Disclosure - Suspicious Comments [10027] total: 1:
    • https://qa.mavistesting.com/assets/application-5b95b609.js
  • Non-Storable Content [10049] total: 4:
    • https://qa.mavistesting.com/
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/sitemap.xml
    • https://qa.mavistesting.com/start
  • Re-examine Cache-control Directives [10015] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • https://qa.mavistesting.com/robots.txt
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
  • Retrieved from Cache [10050] total: 1:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
  • Session Management Response Identified [10112] total: 5:
    • https://qa.mavistesting.com/accessibility-statement
    • https://qa.mavistesting.com/dashboard
    • https://qa.mavistesting.com/start
    • https://qa.mavistesting.com/users/sign-in
    • https://qa.mavistesting.com/users/sign-in
  • Storable and Cacheable Content [10049] total: 6:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png
    • https://qa.mavistesting.com/assets/favicon-2be3abc8.svg
    • https://qa.mavistesting.com/assets/favicon-65dc20c7.ico
    • https://qa.mavistesting.com/assets/icon-mask-aa290807.svg
    • https://qa.mavistesting.com/manifest/application-c6c1c9a9.json
    • ..

View the following link to download the report.
RunnerID:19420029829

[github-actions]

• Site: https://qa.mavistesting.com
  Resolved Alerts
  • Retrieved from Cache [10050] total: 1:

View the following link to download the report.
RunnerID:20706672054

[github-actions]

• Site: https://qa.mavistesting.com
  New Alerts
  • Retrieved from Cache [10050] total: 1:
    • https://qa.mavistesting.com/assets/application/icon-180-b102637e.png

View the following link to download the report.
RunnerID:21127115058

[github-actions]

• Site: https://qa.mavistesting.com
  Resolved Alerts
  • Information Disclosure - Suspicious Comments [10027] total: 1:

View the following link to download the report.
RunnerID:22840991506

[github-actions]

• Site: https://qa.mavistesting.com
  Resolved Alerts
  • Retrieved from Cache [10050] total: 2:

View the following link to download the report.
RunnerID:23131002726