Update site content

alerttags/hipaa/index.html

@@ -205,6 +205,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
                </tr>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/40015/">LDAP Injection</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/40043-1/">Log4Shell (CVE-2021-44228)</a></td>
                   <td><a href=""></a></td>
@@ -217,6 +223,18 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
                </tr>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/40033/">NoSQL Injection - MongoDB</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
+               <tr>
+                  <td><a href="/docs/alerts/90039/">NoSQL Injection - MongoDB (Time Based)</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/40031/">Out of Band XSS</a></td>
                   <td><a href=""></a></td>
@@ -337,6 +355,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
                </tr>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/40039/">Web Cache Deception</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/90023/">XML External Entity Attack</a></td>
                   <td><a href=""></a></td>

alerttags/hipaa/index.xml

@@ -77,6 +77,13 @@
       <guid>/docs/alerts/20019-4/</guid>
       <description>&lt;p&gt;URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>LDAP Injection</title>
+      <link>/docs/alerts/40015/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/40015/</guid>
+      <description>&lt;p&gt;LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.&lt;/p&gt;</description>
+    </item>
     <item>
       <title>Log4Shell (CVE-2021-44228)</title>
       <link>/docs/alerts/40043-1/</link>
@@ -91,6 +98,20 @@
       <guid>/docs/alerts/40043-2/</guid>
       <description>&lt;p&gt;It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>NoSQL Injection - MongoDB</title>
+      <link>/docs/alerts/40033/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/40033/</guid>
+      <description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
+    </item>
+    <item>
+      <title>NoSQL Injection - MongoDB (Time Based)</title>
+      <link>/docs/alerts/90039/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/90039/</guid>
+      <description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
+    </item>
     <item>
       <title>Out of Band XSS</title>
       <link>/docs/alerts/40031/</link>
@@ -231,6 +252,13 @@
       <guid>/docs/alerts/40047/</guid>
       <description>&lt;p&gt;Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>Web Cache Deception</title>
+      <link>/docs/alerts/40039/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/40039/</guid>
+      <description>&lt;p&gt;Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.&lt;/p&gt;</description>
+    </item>
     <item>
       <title>XML External Entity Attack</title>
       <link>/docs/alerts/90023/</link>

alerttags/pci_dss/index.html

@@ -187,6 +187,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
                </tr>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/40015/">LDAP Injection</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/40043-1/">Log4Shell (CVE-2021-44228)</a></td>
                   <td><a href=""></a></td>
@@ -199,6 +205,18 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
                </tr>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/40033/">NoSQL Injection - MongoDB</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
+               <tr>
+                  <td><a href="/docs/alerts/90039/">NoSQL Injection - MongoDB (Time Based)</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/40031/">Out of Band XSS</a></td>
                   <td><a href=""></a></td>
@@ -319,6 +337,12 @@ <h4><a href="https://www.zaproxy.org/docs/desktop/addons/common-library/alerttag
                </tr>
 
 
+               <tr>
+                  <td><a href="/docs/alerts/40039/">Web Cache Deception</a></td>
+                  <td><a href=""></a></td>
+               </tr>
+
+
                <tr>
                   <td><a href="/docs/alerts/90023/">XML External Entity Attack</a></td>
                   <td><a href=""></a></td>

alerttags/pci_dss/index.xml

@@ -56,6 +56,13 @@
       <guid>/docs/alerts/90025/</guid>
       <description>&lt;p&gt;The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>LDAP Injection</title>
+      <link>/docs/alerts/40015/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/40015/</guid>
+      <description>&lt;p&gt;LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.&lt;/p&gt;</description>
+    </item>
     <item>
       <title>Log4Shell (CVE-2021-44228)</title>
       <link>/docs/alerts/40043-1/</link>
@@ -70,6 +77,20 @@
       <guid>/docs/alerts/40043-2/</guid>
       <description>&lt;p&gt;It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>NoSQL Injection - MongoDB</title>
+      <link>/docs/alerts/40033/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/40033/</guid>
+      <description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
+    </item>
+    <item>
+      <title>NoSQL Injection - MongoDB (Time Based)</title>
+      <link>/docs/alerts/90039/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/90039/</guid>
+      <description>&lt;p&gt;MongoDB query injection may be possible.&lt;/p&gt;</description>
+    </item>
     <item>
       <title>Out of Band XSS</title>
       <link>/docs/alerts/40031/</link>
@@ -210,6 +231,13 @@
       <guid>/docs/alerts/40047/</guid>
       <description>&lt;p&gt;Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>Web Cache Deception</title>
+      <link>/docs/alerts/40039/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>/docs/alerts/40039/</guid>
+      <description>&lt;p&gt;Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.&lt;/p&gt;</description>
+    </item>
     <item>
       <title>XML External Entity Attack</title>
       <link>/docs/alerts/90023/</link>

docs/alerts/40015/index.html

@@ -190,10 +190,14 @@ <h1 class="text--white">LDAP Injection</h1>
               </td>
               <td>
 
+              	<a href="/alerttags/hipaa">HIPAA</a><br>
+
               	<a href="/alerttags/owasp_2017_a01">OWASP_2017_A01</a><br>
 
               	<a href="/alerttags/owasp_2021_a03">OWASP_2021_A03</a><br>
 
+              	<a href="/alerttags/pci_dss">PCI_DSS</a><br>
+
               	<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
 
               	<a href="/alerttags/wstg-v42-inpv-06">WSTG-V42-INPV-06</a><br>

docs/alerts/40033/index.html

@@ -190,10 +190,14 @@ <h1 class="text--white">NoSQL Injection - MongoDB</h1>
               </td>
               <td>
 
+              	<a href="/alerttags/hipaa">HIPAA</a><br>
+
               	<a href="/alerttags/owasp_2017_a01">OWASP_2017_A01</a><br>
 
               	<a href="/alerttags/owasp_2021_a03">OWASP_2021_A03</a><br>
 
+              	<a href="/alerttags/pci_dss">PCI_DSS</a><br>
+
               	<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
 
               	<a href="/alerttags/wstg-v42-inpv-05">WSTG-V42-INPV-05</a><br>

docs/alerts/40039/index.html

@@ -161,8 +161,8 @@ <h1 class="text--white">Web Cache Deception</h1>
                 <strong>CWE</strong>
               </td>
               <td>
-                <a href="https://cwe.mitre.org/data/definitions/.html">
-
+                <a href="https://cwe.mitre.org/data/definitions/444.html">
+                  444
                 </a>
               </td>
             </tr>
@@ -188,10 +188,14 @@ <h1 class="text--white">Web Cache Deception</h1>
               </td>
               <td>
 
+              	<a href="/alerttags/hipaa">HIPAA</a><br>
+
               	<a href="/alerttags/owasp_2017_a06">OWASP_2017_A06</a><br>
 
               	<a href="/alerttags/owasp_2021_a05">OWASP_2021_A05</a><br>
 
+              	<a href="/alerttags/pci_dss">PCI_DSS</a><br>
+
               	<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
 
               	<a href="/alerttags/wstg-v42-athn-06">WSTG-V42-ATHN-06</a><br>

docs/alerts/90039/index.html

@@ -192,10 +192,14 @@ <h1 class="text--white">NoSQL Injection - MongoDB (Time Based)</h1>
 
               	<a href="/alerttags/cwe-943">CWE-943</a><br>
 
+              	<a href="/alerttags/hipaa">HIPAA</a><br>
+
               	<a href="/alerttags/owasp_2017_a01">OWASP_2017_A01</a><br>
 
               	<a href="/alerttags/owasp_2021_a03">OWASP_2021_A03</a><br>
 
+              	<a href="/alerttags/pci_dss">PCI_DSS</a><br>
+
               	<a href="/alerttags/policy_pentest">POLICY_PENTEST</a><br>
 
               	<a href="/alerttags/test_timing">TEST_TIMING</a><br>

docs/alerts/index.html

@@ -2097,7 +2097,7 @@ <h1 class="text--white">ZAP Alert Details</h1>
                   <td>alpha</td>
                   <td>Medium</td>
                   <td>Active</td>
-                  <td class='td-non-mobile'></td>
+                  <td class='td-non-mobile'>444</td>
                   <td class='td-non-mobile'></td>
                </tr>