From 5e200c0e0a282ab1a198dd465a5bc5e727246887 Mon Sep 17 00:00:00 2001
From: zapbot <12745184+zapbot@users.noreply.github.com>
Date: Fri, 7 Nov 2025 15:03:17 +0000
Subject: [PATCH] Update site content

From:
zaproxy/zaproxy-website@e802a20f59b3f2a2896ec101f325715ea2b9d448

Signed-off-by: zapbot <12745184+zapbot@users.noreply.github.com>
---
 addons/index.html                             |  18 +-
 .../addons/automation-framework/index.html    |   1 +
 .../addons/report-generation/index.xml        |   8 +-
 .../report-traditional-json-plus/index.html   |   3 +
 .../report-traditional-json/index.html        |   3 +
 .../report-traditional-markdown/index.html    |   3 +
 .../report-traditional-xml-plus/index.html    |   3 +
 .../report-traditional-xml/index.html         |   8 +-
 docs/sbom/authhelper/index.html               |   6 +-
 docs/sbom/automation/index.html               |   4 +-
 docs/sbom/index.html                          |   2 +-
 docs/sbom/reports/index.html                  | 256 +++++++++++++-----
 docs/statistics/index.xml                     |   2 +-
 .../top-addons-last-month/index.html          |   2 +-
 index.xml                                     |  19 +-
 search/index.json                             |  24 +-
 16 files changed, 252 insertions(+), 110 deletions(-)

diff --git a/addons/index.html b/addons/index.html
index 8bff0da894..87338acc88 100644
--- a/addons/index.html
+++ b/addons/index.html
@@ -456,7 +456,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             <a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>
             
             
-            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/authhelper-v0.31.0/authhelper-beta-0.31.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
+            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/authhelper-v0.32.0/authhelper-beta-0.32.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
             
             
             
@@ -469,7 +469,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             authhelper
         </td>
         <td align="center">
-            0.31.0
+            0.32.0
         </td>
         <td >
             beta
@@ -478,7 +478,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             ZAP Dev Team
         </td>
         <td align="center">
-            2025-11-05
+            2025-11-07
         </td>
     </tr>
     
@@ -524,7 +524,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             <a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>
             
             
-            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.55.0/automation-beta-0.55.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
+            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.56.0/automation-beta-0.56.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
             
             
             
@@ -537,7 +537,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             automation
         </td>
         <td align="center">
-            0.55.0
+            0.56.0
         </td>
         <td >
             beta
@@ -546,7 +546,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             ZAP Dev Team
         </td>
         <td align="center">
-            2025-11-05
+            2025-11-07
         </td>
     </tr>
     
@@ -3075,7 +3075,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             <a class="no-border" title="Repository" href="https://github.com/zaproxy/zap-extensions/" target="_blank" rel="noopener noreferrer"><img alt="Repository" src="/img/addons/source.png" /></a>
             
             
-            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.41.0/reports-release-0.41.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
+            <a class="no-border" title="Download" href="https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.42.0/reports-release-0.42.0.zap" target="_blank" rel="noopener noreferrer"><img alt="Download" src="/img/addons/download.png" /></a>
             
             
             
@@ -3088,7 +3088,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             reports
         </td>
         <td align="center">
-            0.41.0
+            0.42.0
         </td>
         <td >
             release
@@ -3097,7 +3097,7 @@ <h1 class="text--white">ZAP Marketplace</h1>
             ZAP Dev Team
         </td>
         <td align="center">
-            2025-09-04
+            2025-11-07
         </td>
     </tr>
     
diff --git a/docs/desktop/addons/automation-framework/index.html b/docs/desktop/addons/automation-framework/index.html
index e50e995f8c..12c54068ba 100644
--- a/docs/desktop/addons/automation-framework/index.html
+++ b/docs/desktop/addons/automation-framework/index.html
@@ -1865,6 +1865,7 @@ <h3 id="command-line-options">Command Line Options <a class="header-link" href="
 <li>-autogenmin &lt;filename&gt; Generate template automation file with the key parameters.</li>
 <li>-autogenmax &lt;filename&gt; Generate template automation file with all parameters.</li>
 <li>-autogenconf &lt;filename&gt; Generate template automation file using the current configuration.</li>
+<li>-autocheck &lt;source&gt; Check the specified automation plan in the file or from the URL.</li>
 </ul>
 
 <h3 id="exit-codes">Exit Codes <a class="header-link" href="#exit-codes"><svg class="fill-current o-60 hover-accent-color-light" height="22px" viewBox="0 0 24 24" width="22px" xmlns="http://www.w3.org/2000/svg"><path d="M0 0h24v24H0z" fill="none"/><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z" fill="currentColor"/></svg></a></h3>
diff --git a/docs/desktop/addons/report-generation/index.xml b/docs/desktop/addons/report-generation/index.xml
index cd50ccdcef..92130275a3 100644
--- a/docs/desktop/addons/report-generation/index.xml
+++ b/docs/desktop/addons/report-generation/index.xml
@@ -89,14 +89,14 @@
       <link>/docs/desktop/addons/report-generation/report-traditional-json/</link>
       <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
       <guid>/docs/desktop/addons/report-generation/report-traditional-json/</guid>
-      <description>&lt;h1 id=&#34;traditional-json-report&#34;&gt;Traditional JSON Report&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;{&#xA;    &amp;#34;@version&amp;#34;: &amp;#34;Dev Build&amp;#34;,&#xA;    &amp;#34;@generated&amp;#34;: &amp;#34;Fri, 4 Feb 2022 13:04:51&amp;#34;,&#xA;    &amp;#34;created&amp;#34;: &amp;#34;2022-02-04T13:04:51.236211400Z&amp;#34;,&#xA;    &amp;#34;site&amp;#34;:[&#xA;        {&#xA;            &amp;#34;@name&amp;#34;: &amp;#34;http://localhost:8080&amp;#34;,&#xA;            &amp;#34;@host&amp;#34;: &amp;#34;localhost&amp;#34;,&#xA;            &amp;#34;@port&amp;#34;: &amp;#34;8080&amp;#34;,&#xA;            &amp;#34;@ssl&amp;#34;: &amp;#34;false&amp;#34;,&#xA;            &amp;#34;alerts&amp;#34;: [&#xA;                {&#xA;                    &amp;#34;pluginid&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alertRef&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alert&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;name&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;riskcode&amp;#34;: &amp;#34;3&amp;#34;,&#xA;                    &amp;#34;confidence&amp;#34;: &amp;#34;2&amp;#34;,&#xA;                    &amp;#34;riskdesc&amp;#34;: &amp;#34;High (Medium)&amp;#34;,&#xA;                    &amp;#34;desc&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Cross-site Scripting (XSS) is an attack technique that involves ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;instances&amp;#34;:[&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;GET&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;q&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;POST&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;comments&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;&#xA;                        }&#xA;                    ],                   &#xA;                    &amp;#34;count&amp;#34;: &amp;#34;2&amp;#34;, &#xA;                    &amp;#34;solution&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Phase: Architecture and Design&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;Use a vetted library or framework that does not ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                    &amp;#34;reference&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;http://projects.webappsec.org/Cross-Site-Scripting&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;http://cwe.mitre.org/data/definitions/79.html&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;cweid&amp;#34;: &amp;#34;79&amp;#34;,&#xA;                    &amp;#34;wascid&amp;#34;: &amp;#34;8&amp;#34;,&#xA;                    &amp;#34;sourceid&amp;#34;: &amp;#34;36977&amp;#34;&#xA;                },&#xA;&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;The report can also include details of Sequences and related active scanning results, for example:&lt;/p&gt;</description>
+      <description>&lt;h1 id=&#34;traditional-json-report&#34;&gt;Traditional JSON Report&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;{&#xA;    &amp;#34;@version&amp;#34;: &amp;#34;Dev Build&amp;#34;,&#xA;    &amp;#34;@generated&amp;#34;: &amp;#34;Fri, 4 Feb 2022 13:04:51&amp;#34;,&#xA;    &amp;#34;created&amp;#34;: &amp;#34;2022-02-04T13:04:51.236211400Z&amp;#34;,&#xA;    &amp;#34;site&amp;#34;:[&#xA;        {&#xA;            &amp;#34;@name&amp;#34;: &amp;#34;http://localhost:8080&amp;#34;,&#xA;            &amp;#34;@host&amp;#34;: &amp;#34;localhost&amp;#34;,&#xA;            &amp;#34;@port&amp;#34;: &amp;#34;8080&amp;#34;,&#xA;            &amp;#34;@ssl&amp;#34;: &amp;#34;false&amp;#34;,&#xA;            &amp;#34;alerts&amp;#34;: [&#xA;                {&#xA;                    &amp;#34;pluginid&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alertRef&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alert&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;name&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;riskcode&amp;#34;: &amp;#34;3&amp;#34;,&#xA;                    &amp;#34;confidence&amp;#34;: &amp;#34;2&amp;#34;,&#xA;                    &amp;#34;riskdesc&amp;#34;: &amp;#34;High (Medium)&amp;#34;,&#xA;                    &amp;#34;desc&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Cross-site Scripting (XSS) is an attack technique that involves ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;instances&amp;#34;:[&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&amp;#34;,&#xA;                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp (q)&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;GET&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;q&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,&#xA;                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;POST&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;comments&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;&#xA;                        }&#xA;                    ],                   &#xA;                    &amp;#34;count&amp;#34;: &amp;#34;2&amp;#34;, &#xA;                    &amp;#34;systemic&amp;#34;: false, &#xA;                    &amp;#34;solution&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Phase: Architecture and Design&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;Use a vetted library or framework that does not ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                    &amp;#34;reference&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;http://projects.webappsec.org/Cross-Site-Scripting&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;http://cwe.mitre.org/data/definitions/79.html&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;cweid&amp;#34;: &amp;#34;79&amp;#34;,&#xA;                    &amp;#34;wascid&amp;#34;: &amp;#34;8&amp;#34;,&#xA;                    &amp;#34;sourceid&amp;#34;: &amp;#34;36977&amp;#34;&#xA;                },&#xA;&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;The report can also include details of Sequences and related active scanning results, for example:&lt;/p&gt;</description>
     </item>
     <item>
       <title>Traditional JSON Report with Requests and Responses</title>
       <link>/docs/desktop/addons/report-generation/report-traditional-json-plus/</link>
       <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
       <guid>/docs/desktop/addons/report-generation/report-traditional-json-plus/</guid>
-      <description>&lt;h1 id=&#34;traditional-json-report-with-requests-and-responses&#34;&gt;Traditional JSON Report with Requests and Responses&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sections&#34;&gt;Sections &lt;a class=&#34;header-link&#34; href=&#34;#sections&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;table&gt;&#xA;  &lt;thead&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;th style=&#34;text-align: left&#34;&gt;Section&lt;/th&gt;&#xA;          &lt;th style=&#34;text-align: left&#34;&gt;ID&lt;/th&gt;&#xA;      &lt;/tr&gt;&#xA;  &lt;/thead&gt;&#xA;  &lt;tbody&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;Statistics&lt;/td&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;statistics&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;Sequence Details&lt;/td&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;sequencedetails&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;Automation Framework State&lt;/td&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;afstate&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;  &lt;/tbody&gt;&#xA;&lt;/table&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;{&#xA;    &amp;#34;@version&amp;#34;: &amp;#34;Dev Build&amp;#34;,&#xA;    &amp;#34;@generated&amp;#34;: &amp;#34;Fri, 4 Feb 2022 13:04:51&amp;#34;,&#xA;    &amp;#34;created&amp;#34;: &amp;#34;2022-02-04T13:04:51.236211400Z&amp;#34;,&#xA;    &amp;#34;site&amp;#34;:[&#xA;        {&#xA;            &amp;#34;@name&amp;#34;: &amp;#34;http://localhost:8080&amp;#34;,&#xA;            &amp;#34;@host&amp;#34;: &amp;#34;localhost&amp;#34;,&#xA;            &amp;#34;@port&amp;#34;: &amp;#34;8080&amp;#34;,&#xA;            &amp;#34;@ssl&amp;#34;: &amp;#34;false&amp;#34;,&#xA;            &amp;#34;alerts&amp;#34;: [&#xA;                {&#xA;                    &amp;#34;pluginid&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alertRef&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alert&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;name&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;riskcode&amp;#34;: &amp;#34;3&amp;#34;,&#xA;                    &amp;#34;confidence&amp;#34;: &amp;#34;2&amp;#34;,&#xA;                    &amp;#34;riskdesc&amp;#34;: &amp;#34;High (Medium)&amp;#34;,&#xA;                    &amp;#34;desc&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Cross-site Scripting (XSS) is an attack technique that involves ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;instances&amp;#34;:[&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;GET&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;q&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                            &amp;#34;request-header&amp;#34;: &amp;#34;GET http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E HTTP/1.1\r\n...&amp;#34;,&#xA;                            &amp;#34;request-body&amp;#34;: &amp;#34;&amp;#34;,&#xA;                            &amp;#34;response-header&amp;#34;: &amp;#34;HTTP/1.1 200\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Length: 2045\r\nDate: Fri, 04 Feb 2022 11:56:38 GMT\r\n\r\n&amp;#34;,&#xA;                            &amp;#34;response-body&amp;#34;: &amp;#34;\n\n\n\n\n\n\n&amp;lt;!DOCTYPE HTML PUBLIC \&amp;#34;-//W3C//DTD HTML 3.2//EN\&amp;#34;&amp;gt;\n&amp;lt;html&amp;gt;...&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;POST&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;comments&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                            &amp;#34;request-header&amp;#34;: &amp;#34;POST http://localhost:8080/bodgeit/contact.jsp HTTP/1.1\r\nHost: localhost:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0)...&amp;#34;,&#xA;                            &amp;#34;request-body&amp;#34;: &amp;#34;null=&amp;amp;anticsrf=0.7583553183173598&amp;amp;comments=%3C%2Ftd%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Ctd%3E&amp;#34;,&#xA;                            &amp;#34;response-header&amp;#34;: &amp;#34;HTTP/1.1 200\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Length: 2025\r\nDate: Fri, 04 Feb 2022 11:56:35 GMT\r\n\r\n&amp;#34;,&#xA;                            &amp;#34;response-body&amp;#34;: &amp;#34;\n\n\n\n\n\n&amp;lt;!DOCTYPE HTML PUBLIC \&amp;#34;-//W3C//DTD HTML 3.2//EN\&amp;#34;&amp;gt;\n&amp;lt;html&amp;gt;...&amp;#34;&#xA;                        }&#xA;                    ],                   &#xA;                    &amp;#34;count&amp;#34;: &amp;#34;2&amp;#34;, &#xA;                    &amp;#34;solution&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Phase: Architecture and Design&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;Use a vetted library or framework that does not ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                    &amp;#34;reference&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;http://projects.webappsec.org/Cross-Site-Scripting&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;http://cwe.mitre.org/data/definitions/79.html&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;cweid&amp;#34;: &amp;#34;79&amp;#34;,&#xA;                    &amp;#34;wascid&amp;#34;: &amp;#34;8&amp;#34;,&#xA;                    &amp;#34;sourceid&amp;#34;: &amp;#34;36977&amp;#34;,&#xA;                    &amp;#34;tags&amp;#34;:[ &#xA;                        {&#xA;                            &amp;#34;tag&amp;#34;: &amp;#34;OWASP_2021_A03&amp;#34;,&#xA;                            &amp;#34;link&amp;#34;: &amp;#34;https://owasp.org/Top10/A03_2021-Injection/&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;tag&amp;#34;: &amp;#34;WSTG-v42-INPV-01&amp;#34;,&#xA;                            &amp;#34;link&amp;#34;: &amp;#34;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;tag&amp;#34;: &amp;#34;OWASP_2017_A07&amp;#34;,&#xA;                            &amp;#34;link&amp;#34;: &amp;#34;https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html&amp;#34;&#xA;                        }&#xA;                    ]&#xA;                },&#xA;                ...&#xA;            ]&#xA;        }&#xA;    ]&#xA;}&#xA;&lt;/code&gt;&lt;/pre&gt;&#xA;&lt;h4 id=&#34;statistics-section&#34;&gt;Statistics Section &lt;a class=&#34;header-link&#34; href=&#34;#statistics-section&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h4&gt;&#xA;&lt;p&gt;The report can also include statistics, per site and global, for example:&lt;/p&gt;</description>
+      <description>&lt;h1 id=&#34;traditional-json-report-with-requests-and-responses&#34;&gt;Traditional JSON Report with Requests and Responses&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sections&#34;&gt;Sections &lt;a class=&#34;header-link&#34; href=&#34;#sections&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;table&gt;&#xA;  &lt;thead&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;th style=&#34;text-align: left&#34;&gt;Section&lt;/th&gt;&#xA;          &lt;th style=&#34;text-align: left&#34;&gt;ID&lt;/th&gt;&#xA;      &lt;/tr&gt;&#xA;  &lt;/thead&gt;&#xA;  &lt;tbody&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;Statistics&lt;/td&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;statistics&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;Sequence Details&lt;/td&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;sequencedetails&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &lt;tr&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;Automation Framework State&lt;/td&gt;&#xA;          &lt;td style=&#34;text-align: left&#34;&gt;afstate&lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;  &lt;/tbody&gt;&#xA;&lt;/table&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;{&#xA;    &amp;#34;@version&amp;#34;: &amp;#34;Dev Build&amp;#34;,&#xA;    &amp;#34;@generated&amp;#34;: &amp;#34;Fri, 4 Feb 2022 13:04:51&amp;#34;,&#xA;    &amp;#34;created&amp;#34;: &amp;#34;2022-02-04T13:04:51.236211400Z&amp;#34;,&#xA;    &amp;#34;site&amp;#34;:[&#xA;        {&#xA;            &amp;#34;@name&amp;#34;: &amp;#34;http://localhost:8080&amp;#34;,&#xA;            &amp;#34;@host&amp;#34;: &amp;#34;localhost&amp;#34;,&#xA;            &amp;#34;@port&amp;#34;: &amp;#34;8080&amp;#34;,&#xA;            &amp;#34;@ssl&amp;#34;: &amp;#34;false&amp;#34;,&#xA;            &amp;#34;alerts&amp;#34;: [&#xA;                {&#xA;                    &amp;#34;pluginid&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alertRef&amp;#34;: &amp;#34;40012&amp;#34;,&#xA;                    &amp;#34;alert&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;name&amp;#34;: &amp;#34;Cross Site Scripting (Reflected)&amp;#34;,&#xA;                    &amp;#34;riskcode&amp;#34;: &amp;#34;3&amp;#34;,&#xA;                    &amp;#34;confidence&amp;#34;: &amp;#34;2&amp;#34;,&#xA;                    &amp;#34;riskdesc&amp;#34;: &amp;#34;High (Medium)&amp;#34;,&#xA;                    &amp;#34;desc&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Cross-site Scripting (XSS) is an attack technique that involves ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;instances&amp;#34;:[&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&amp;#34;,&#xA;                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp (q)&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;GET&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;q&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                            &amp;#34;request-header&amp;#34;: &amp;#34;GET http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E HTTP/1.1\r\n...&amp;#34;,&#xA;                            &amp;#34;request-body&amp;#34;: &amp;#34;&amp;#34;,&#xA;                            &amp;#34;response-header&amp;#34;: &amp;#34;HTTP/1.1 200\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Length: 2045\r\nDate: Fri, 04 Feb 2022 11:56:38 GMT\r\n\r\n&amp;#34;,&#xA;                            &amp;#34;response-body&amp;#34;: &amp;#34;\n\n\n\n\n\n\n&amp;lt;!DOCTYPE HTML PUBLIC \&amp;#34;-//W3C//DTD HTML 3.2//EN\&amp;#34;&amp;gt;\n&amp;lt;html&amp;gt;...&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,&#xA;                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,&#xA;                            &amp;#34;method&amp;#34;: &amp;#34;POST&amp;#34;,&#xA;                            &amp;#34;param&amp;#34;: &amp;#34;comments&amp;#34;,&#xA;                            &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;evidence&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,&#xA;                            &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                            &amp;#34;request-header&amp;#34;: &amp;#34;POST http://localhost:8080/bodgeit/contact.jsp HTTP/1.1\r\nHost: localhost:8080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0)...&amp;#34;,&#xA;                            &amp;#34;request-body&amp;#34;: &amp;#34;null=&amp;amp;anticsrf=0.7583553183173598&amp;amp;comments=%3C%2Ftd%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Ctd%3E&amp;#34;,&#xA;                            &amp;#34;response-header&amp;#34;: &amp;#34;HTTP/1.1 200\r\nContent-Type: text/html;charset=ISO-8859-1\r\nContent-Length: 2025\r\nDate: Fri, 04 Feb 2022 11:56:35 GMT\r\n\r\n&amp;#34;,&#xA;                            &amp;#34;response-body&amp;#34;: &amp;#34;\n\n\n\n\n\n&amp;lt;!DOCTYPE HTML PUBLIC \&amp;#34;-//W3C//DTD HTML 3.2//EN\&amp;#34;&amp;gt;\n&amp;lt;html&amp;gt;...&amp;#34;&#xA;                        }&#xA;                    ],                   &#xA;                    &amp;#34;count&amp;#34;: &amp;#34;2&amp;#34;, &#xA;                    &amp;#34;systemic&amp;#34;: false, &#xA;                    &amp;#34;solution&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Phase: Architecture and Design&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;Use a vetted library or framework that does not ...&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,&#xA;                    &amp;#34;reference&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;http://projects.webappsec.org/Cross-Site-Scripting&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;http://cwe.mitre.org/data/definitions/79.html&amp;lt;/p&amp;gt;&amp;#34;,&#xA;                    &amp;#34;cweid&amp;#34;: &amp;#34;79&amp;#34;,&#xA;                    &amp;#34;wascid&amp;#34;: &amp;#34;8&amp;#34;,&#xA;                    &amp;#34;sourceid&amp;#34;: &amp;#34;36977&amp;#34;,&#xA;                    &amp;#34;tags&amp;#34;:[ &#xA;                        {&#xA;                            &amp;#34;tag&amp;#34;: &amp;#34;OWASP_2021_A03&amp;#34;,&#xA;                            &amp;#34;link&amp;#34;: &amp;#34;https://owasp.org/Top10/A03_2021-Injection/&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;tag&amp;#34;: &amp;#34;WSTG-v42-INPV-01&amp;#34;,&#xA;                            &amp;#34;link&amp;#34;: &amp;#34;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting&amp;#34;&#xA;                        },&#xA;                        {&#xA;                            &amp;#34;tag&amp;#34;: &amp;#34;OWASP_2017_A07&amp;#34;,&#xA;                            &amp;#34;link&amp;#34;: &amp;#34;https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html&amp;#34;&#xA;                        }&#xA;                    ]&#xA;                },&#xA;                ...&#xA;            ]&#xA;        }&#xA;    ]&#xA;}&#xA;&lt;/code&gt;&lt;/pre&gt;&#xA;&lt;h4 id=&#34;statistics-section&#34;&gt;Statistics Section &lt;a class=&#34;header-link&#34; href=&#34;#statistics-section&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h4&gt;&#xA;&lt;p&gt;The report can also include statistics, per site and global, for example:&lt;/p&gt;</description>
     </item>
     <item>
       <title>Traditional Markdown Report</title>
@@ -117,14 +117,14 @@
       <link>/docs/desktop/addons/report-generation/report-traditional-xml/</link>
       <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
       <guid>/docs/desktop/addons/report-generation/report-traditional-xml/</guid>
-      <description>&lt;h1 id=&#34;traditional-xml-report&#34;&gt;Traditional XML Report&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;&amp;lt;?xml version=&amp;#34;1.0&amp;#34;?&amp;gt;&#xA;&amp;lt;OWASPZAPReport version=&amp;#34;Dev Build&amp;#34; generated=&amp;#34;Fri, 4 Feb 2022 17:42:18&amp;#34; created=&amp;#34;2022-02-04T17:42:18.236211400Z&amp;#34;&amp;gt;&#xA;    &#xA;        &amp;lt;site name=&amp;#34;http://localhost:8080&amp;#34; host=&amp;#34;localhost&amp;#34; port=&amp;#34;8080&amp;#34; ssl=&amp;#34;false&amp;#34;&amp;gt;&#xA;            &amp;lt;alerts&amp;gt;&#xA;&#xA;                    &amp;lt;alertitem&amp;gt;&#xA;                        &amp;lt;pluginid&amp;gt;20012&amp;lt;/pluginid&amp;gt;&#xA;                        &amp;lt;alertRef&amp;gt;20012&amp;lt;/alertRef&amp;gt;&#xA;                        &amp;lt;alert&amp;gt;Anti-CSRF Tokens Check&amp;lt;/alert&amp;gt;&#xA;                        &amp;lt;name&amp;gt;Anti-CSRF Tokens Check&amp;lt;/name&amp;gt;&#xA;                        &amp;lt;riskcode&amp;gt;3&amp;lt;/riskcode&amp;gt;&#xA;                        &amp;lt;confidence&amp;gt;2&amp;lt;/confidence&amp;gt;&#xA;                        &amp;lt;riskdesc&amp;gt;High (Medium)&amp;lt;/riskdesc&amp;gt;&#xA;                        &amp;lt;confidencedesc&amp;gt;Medium&amp;lt;/confidencedesc&amp;gt;&#xA;                        &amp;lt;desc&amp;gt;&amp;lt;p&amp;gt;A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...&amp;lt;/desc&amp;gt;&#xA;                        &amp;lt;instances&amp;gt;&#xA;&#xA;                                &amp;lt;instance&amp;gt;&#xA;                                    &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/uri&amp;gt;&#xA;                                    &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                    &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                    &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                    &amp;lt;evidence&amp;gt;&amp;lt;form id=&amp;#34;advanced&amp;#34; name=&amp;#34;advanced&amp;#34; method=&amp;#34;POST&amp;#34; onsubmit=&amp;#34;return validateForm(this);false;&amp;#34;&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                    &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                &amp;lt;/instance&amp;gt;&#xA;&#xA;                                &amp;lt;instance&amp;gt;&#xA;                                    &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/uri&amp;gt;&#xA;                                    &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                    &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                    &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                    &amp;lt;evidence&amp;gt;&amp;lt;form id=&amp;#34;query&amp;#34; name=&amp;#34;advanced&amp;#34; method=&amp;#34;POST&amp;#34;&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                    &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                &amp;lt;/instance&amp;gt;&#xA;&#xA;                                &amp;lt;instance&amp;gt;&#xA;                                    &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/basket.jsp&amp;lt;/uri&amp;gt;&#xA;                                    &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                    &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                    &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                    &amp;lt;evidence&amp;gt;&amp;lt;form action=&amp;#34;basket.jsp&amp;#34; method=&amp;#34;post&amp;#34;&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                    &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                &amp;lt;/instance&amp;gt;&#xA;&lt;/code&gt;&lt;/pre&gt;</description>
+      <description>&lt;h1 id=&#34;traditional-xml-report&#34;&gt;Traditional XML Report&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;&amp;lt;?xml version=&amp;#34;1.0&amp;#34;?&amp;gt;&#xA;&amp;lt;OWASPZAPReport version=&amp;#34;Dev Build&amp;#34; generated=&amp;#34;Fri, 4 Feb 2022 17:42:18&amp;#34; created=&amp;#34;2022-02-04T17:42:18.236211400Z&amp;#34;&amp;gt;&#xA;    &#xA;        &amp;lt;site name=&amp;#34;http://localhost:8080&amp;#34; host=&amp;#34;localhost&amp;#34; port=&amp;#34;8080&amp;#34; ssl=&amp;#34;false&amp;#34;&amp;gt;&#xA;            &amp;lt;alerts&amp;gt;&#xA;&#xA;                    &amp;lt;alertitem&amp;gt;&#xA;                        &amp;lt;pluginid&amp;gt;20012&amp;lt;/pluginid&amp;gt;&#xA;                        &amp;lt;alertRef&amp;gt;20012&amp;lt;/alertRef&amp;gt;&#xA;                        &amp;lt;alert&amp;gt;Anti-CSRF Tokens Check&amp;lt;/alert&amp;gt;&#xA;                        &amp;lt;name&amp;gt;Anti-CSRF Tokens Check&amp;lt;/name&amp;gt;&#xA;                        &amp;lt;riskcode&amp;gt;3&amp;lt;/riskcode&amp;gt;&#xA;                        &amp;lt;confidence&amp;gt;2&amp;lt;/confidence&amp;gt;&#xA;                        &amp;lt;riskdesc&amp;gt;High (Medium)&amp;lt;/riskdesc&amp;gt;&#xA;                        &amp;lt;confidencedesc&amp;gt;Medium&amp;lt;/confidencedesc&amp;gt;&#xA;                        &amp;lt;desc&amp;gt;&amp;lt;p&amp;gt;A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...&amp;lt;/desc&amp;gt;&#xA;                        &amp;lt;instances&amp;gt;&#xA;                                &amp;lt;instance&amp;gt;&#xA;                                    &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/uri&amp;gt;&#xA;                                    &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/nodeName&amp;gt;&#xA;                                    &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                    &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                    &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                    &amp;lt;evidence&amp;gt;&amp;lt;form id=&amp;#34;advanced&amp;#34; name=&amp;#34;advanced&amp;#34; method=&amp;#34;POST&amp;#34; onsubmit=&amp;#34;return validateForm(this);false;&amp;#34;&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                    &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                &amp;lt;/instance&amp;gt;&#xA;&#xA;                                &amp;lt;instance&amp;gt;&#xA;                                    &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/uri&amp;gt;&#xA;                                    &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/nodeName&amp;gt;&#xA;                                    &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                    &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                    &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                    &amp;lt;evidence&amp;gt;&amp;lt;form id=&amp;#34;query&amp;#34; name=&amp;#34;advanced&amp;#34; method=&amp;#34;POST&amp;#34;&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                    &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                &amp;lt;/instance&amp;gt;&#xA;&#xA;                                &amp;lt;instance&amp;gt;&#xA;                                    &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/basket.jsp&amp;lt;/uri&amp;gt;&#xA;                                    &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/basket.jsp&amp;lt;/nodeName&amp;gt;&#xA;                                    &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                    &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                    &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                    &amp;lt;evidence&amp;gt;&amp;lt;form action=&amp;#34;basket.jsp&amp;#34; method=&amp;#34;post&amp;#34;&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                    &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                &amp;lt;/instance&amp;gt;&#xA;                        &amp;lt;count&amp;gt;2&amp;lt;/count&amp;gt;&#xA;                        &amp;lt;systemic&amp;gt;false&amp;lt;/systemic&amp;gt;&#xA;                        &amp;lt;solution&amp;gt;The solution&amp;lt;/solution&amp;gt;&#xA;                        &amp;lt;otherinfo&amp;gt;The other info&amp;lt;/otherinfo&amp;gt;&#xA;&lt;/code&gt;&lt;/pre&gt;</description>
     </item>
     <item>
       <title>Traditional XML Report with Requests and Responses</title>
       <link>/docs/desktop/addons/report-generation/report-traditional-xml-plus/</link>
       <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
       <guid>/docs/desktop/addons/report-generation/report-traditional-xml-plus/</guid>
-      <description>&lt;h1 id=&#34;traditional-xml-report-with-requests-and-responses&#34;&gt;Traditional XML Report with Requests and Responses&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;        &amp;lt;?xml version=&amp;#34;1.0&amp;#34;?&amp;gt;&#xA;        &amp;lt;OWASPZAPReport version=&amp;#34;2.11.1&amp;#34; generated=&amp;#34;Fr., 30 Sep. 2022 08:40:35&amp;#34; created=&amp;#34;2022-09-30T08:40:35.236211400Z&amp;#34;&amp;gt;&#xA;                        &amp;lt;site name=&amp;#34;http://localhost:8080&amp;#34; host=&amp;#34;localhost&amp;#34; port=&amp;#34;8080&amp;#34; ssl=&amp;#34;false&amp;#34;&amp;gt;&#xA;                                &amp;lt;alerts&amp;gt;&#xA;                                        &#xA;                                                &amp;lt;alertitem&amp;gt;&#xA;                                                        &amp;lt;pluginid&amp;gt;90027&amp;lt;/pluginid&amp;gt;&#xA;                                                        &amp;lt;alertRef&amp;gt;90027&amp;lt;/alertRef&amp;gt;&#xA;                                                        &amp;lt;alert&amp;gt;Cookie Slack Detector&amp;lt;/alert&amp;gt;&#xA;                                                        &amp;lt;name&amp;gt;Cookie Slack Detector&amp;lt;/name&amp;gt;&#xA;                                                        &amp;lt;riskcode&amp;gt;1&amp;lt;/riskcode&amp;gt;&#xA;                                                        &amp;lt;confidence&amp;gt;1&amp;lt;/confidence&amp;gt;&#xA;                                                        &amp;lt;riskdesc&amp;gt;Low (Low)&amp;lt;/riskdesc&amp;gt;&#xA;                                                        &amp;lt;confidencedesc&amp;gt;Low&amp;lt;/confidencedesc&amp;gt;&#xA;                                                        &amp;lt;desc&amp;gt;Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.&amp;lt;/desc&amp;gt;&#xA;                                                        &amp;lt;instances&amp;gt;&#xA;                                                                &#xA;                                                                        &amp;lt;instance&amp;gt;&#xA;                                                                                &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/js&amp;lt;/uri&amp;gt;&#xA;                                                                                &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                                                                &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                                                                &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                                                                &amp;lt;evidence&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                                                                &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                                                                &amp;lt;requestheader&amp;gt;GET http://localhost:8080/bodgeit/js HTTP/1.1&#xA;        Host: localhost:8080&#xA;        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0&#xA;        Accept: */*&#xA;        Accept-Language: de,en-US;q=0.7,en;q=0.3&#xA;        Connection: keep-alive&#xA;        Referer: https://localhost:8080/bodgeit/&#xA;        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901&#xA;        Sec-Fetch-Dest: script&#xA;        Sec-Fetch-Mode: no-cors&#xA;        Sec-Fetch-Site: same-origin&#xA;        Content-Length: 0&#xA;        &#xA;        &amp;lt;/requestheader&amp;gt;&#xA;                                                                                &amp;lt;requestbody&amp;gt;&amp;lt;/requestbody&amp;gt;&#xA;                                                                                &amp;lt;responseheader&amp;gt;HTTP/1.1 302 Found&#xA;        Server: Apache-Coyote/1.1&#xA;        Location: /bodgeit/js/&#xA;        Content-Length: 0&#xA;        Date: Fri, 30 Sep 2022 06:40:17 GMT&#xA;        &#xA;        &amp;lt;/responseheader&amp;gt;&#xA;                                                                                &amp;lt;responsebody&amp;gt;&amp;lt;/responsebody&amp;gt;&#xA;                                                                        &amp;lt;/instance&amp;gt;&#xA;                                                                &#xA;                                                                &#xA;                                                                        &amp;lt;instance&amp;gt;&#xA;                                                                                &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/js/util.js&amp;lt;/uri&amp;gt;&#xA;                                                                                &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                                                                &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                                                                &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                                                                &amp;lt;evidence&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                                                                &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                                                                &amp;lt;requestheader&amp;gt;GET http://localhost:8080/bodgeit/js/util.js HTTP/1.1&#xA;        Host: localhost:8080&#xA;        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0&#xA;        Accept: */*&#xA;        Accept-Language: de,en-US;q=0.7,en;q=0.3&#xA;        Connection: keep-alive&#xA;        Referer: https://localhost:8080/bodgeit/&#xA;        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901&#xA;        Sec-Fetch-Dest: script&#xA;        Sec-Fetch-Mode: no-cors&#xA;        Sec-Fetch-Site: same-origin&#xA;        Content-Length: 0&#xA;        &#xA;        &amp;lt;/requestheader&amp;gt;&#xA;                                                                                &amp;lt;requestbody&amp;gt;&amp;lt;/requestbody&amp;gt;&#xA;                                                                                &amp;lt;responseheader&amp;gt;HTTP/1.1 200 OK&#xA;        Server: Apache-Coyote/1.1&#xA;        Accept-Ranges: bytes&#xA;        ETag: W/&amp;amp;quot;1812-1343651578000&amp;amp;quot;&#xA;        Last-Modified: Mon, 30 Jul 2012 12:32:58 GMT&#xA;        Content-Type: application/javascript&#xA;        Content-Length: 1812&#xA;        Date: Fri, 30 Sep 2022 06:40:17 GMT&#xA;        &#xA;        &amp;lt;/responseheader&amp;gt;&#xA;                                                                                &amp;lt;responsebody&amp;gt;&#xA;        function loadfile(filename){&#xA;                var filetype = filename.split(&amp;amp;apos;.&amp;amp;apos;).pop();&#xA;                switch (filetype){&#xA;                case &amp;amp;quot;js&amp;amp;quot;:&#xA;                        var insert=document.createElement(&amp;amp;apos;script&amp;amp;apos;)&#xA;                        insert.setAttribute(&amp;amp;quot;type&amp;amp;quot;,&amp;amp;quot;text/javascript&amp;amp;quot;)&#xA;                        insert.setAttribute(&amp;amp;quot;src&amp;amp;quot;, filename)&#xA;                        break;&#xA;                case &amp;amp;apos;css&amp;amp;apos;:&#xA;                var insert=document.createElement(&amp;amp;quot;link&amp;amp;quot;);&#xA;                insert.setAttribute(&amp;amp;quot;type&amp;amp;quot;, &amp;amp;quot;text/css&amp;amp;quot;)&#xA;                insert.setAttribute(&amp;amp;quot;href&amp;amp;quot;, filename)&#xA;                insert.setAttribute(&amp;amp;quot;rel&amp;amp;quot;, &amp;amp;quot;stylesheet&amp;amp;quot;)&#xA;                break;&#xA;                }&#xA;                if (typeof insert!=&amp;amp;quot;undefined&amp;amp;quot;)&#xA;                document.getElementsByTagName(&amp;amp;quot;head&amp;amp;quot;)[0].appendChild(insert);&#xA;                return false;&#xA;        }&#xA;        &#xA;        &#xA;        ////The following is from:&#xA;        //http://stackoverflow.com/questions/316781/how-to-build-query-string-with-javascript&#xA;        &#xA;        function form_to_params( form )&#xA;        {&#xA;                var output = &amp;amp;quot;&amp;amp;quot;;&#xA;                var length = form.elements.length&#xA;                for( var i = 0; i &amp;amp;lt; length; i++ )&#xA;                {&#xA;                element = form.elements[i]&#xA;        &#xA;                if(element.tagName == &amp;amp;apos;TEXTAREA&amp;amp;apos; )&#xA;                {&#xA;                        output += &amp;amp;quot;|&amp;amp;quot; + element.name + &amp;amp;quot;:&amp;amp;quot; + element.value; &#xA;                }&#xA;                else if( element.tagName == &amp;amp;apos;INPUT&amp;amp;apos; )&#xA;                {&#xA;                        switch(element.type){&#xA;                        case &amp;amp;apos;radio&amp;amp;apos;:&#xA;                        case &amp;amp;apos;checkbox&amp;amp;apos;:&#xA;                                if(element.checked &amp;amp;amp;&amp;amp;amp; !element.value){&#xA;                                output += &amp;amp;quot;|&amp;amp;quot; + element.name + &amp;amp;quot;:on&amp;amp;quot;;&#xA;                                break;&#xA;                                }&#xA;                        case &amp;amp;apos;text&amp;amp;apos;:&#xA;                        case &amp;amp;apos;hidden&amp;amp;apos;:&#xA;                        case &amp;amp;apos;password&amp;amp;apos;:&#xA;                                if(element.value)&#xA;                                output += &amp;amp;quot;|&amp;amp;quot; + element.name + &amp;amp;quot;:&amp;amp;quot; + element.value;&#xA;                        break;     &#xA;                        }&#xA;                }&#xA;                }&#xA;                return output.substring(1);&#xA;        }&#xA;        &#xA;        &#xA;        function htmlEntities(str) {&#xA;                return String(str).replace(/&amp;amp;amp;/g, &amp;amp;apos;&amp;amp;amp;amp;&amp;amp;apos;).replace(/&amp;amp;lt;/g, &amp;amp;apos;&amp;amp;amp;lt;&amp;amp;apos;).replace(/&amp;amp;gt;/g, &amp;amp;apos;&amp;amp;amp;gt;&amp;amp;apos;).replace(/&amp;amp;quot;/g, &amp;amp;apos;&amp;amp;amp;quot;&amp;amp;apos;);&#xA;        }&amp;lt;/responsebody&amp;gt;&#xA;                                                                        &amp;lt;/instance&amp;gt;&#xA;                                                                &#xA;                                                        &amp;lt;/instances&amp;gt;&#xA;                                                        &amp;lt;count&amp;gt;3&amp;lt;/count&amp;gt;&#xA;                                                        &amp;lt;solution&amp;gt;&amp;lt;/solution&amp;gt;&#xA;                                                        &amp;lt;otherinfo&amp;gt;NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [JSESSIONID] &#xA;        Cookies that don&amp;amp;apos;t have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced.&#xA;        These cookies affected the response: &#xA;        These cookies did NOT affect the response: JSESSIONID&#xA;        &amp;lt;/otherinfo&amp;gt;&#xA;                                                        &amp;lt;reference&amp;gt;http://projects.webappsec.org/Fingerprinting&#xA;        &amp;lt;/reference&amp;gt;&#xA;                                                        &amp;lt;cweid&amp;gt;200&amp;lt;/cweid&amp;gt;&#xA;                                                        &amp;lt;wascid&amp;gt;45&amp;lt;/wascid&amp;gt;&#xA;                                                        &amp;lt;sourceid&amp;gt;2420&amp;lt;/sourceid&amp;gt;&#xA;                                                        &amp;lt;tags&amp;gt;&#xA;                                                                &amp;lt;tag&amp;gt;&#xA;                                                                        &amp;lt;tag&amp;gt;OWASP_2017_A06 &amp;lt;/tag&amp;gt;&#xA;                                                                        &amp;lt;link&amp;gt;https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html &amp;lt;/link&amp;gt;&#xA;                                                                &amp;lt;/tag&amp;gt;&#xA;                                                                &amp;lt;tag&amp;gt;&#xA;                                                                        &amp;lt;tag&amp;gt;OWASP_2021_A05 &amp;lt;/tag&amp;gt;&#xA;                                                                        &amp;lt;link&amp;gt;https://owasp.org/Top10/A05_2021-Security_Misconfiguration/ &amp;lt;/link&amp;gt;&#xA;                                                                &amp;lt;/tag&amp;gt;&#xA;                                                                &amp;lt;tag&amp;gt;&#xA;                                                                        &amp;lt;tag&amp;gt;WSTG-v42-SESS-02 &amp;lt;/tag&amp;gt;&#xA;                                                                        &amp;lt;link&amp;gt;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes &amp;lt;/link&amp;gt;&#xA;                                                                &amp;lt;/tag&amp;gt;&#xA;&#xA;                                                        &amp;lt;/tags&amp;gt;&#xA;                                                &amp;lt;/alertitem&amp;gt;&#xA;                                &amp;lt;/alerts&amp;gt;&#xA;                                &amp;lt;statistics&amp;gt;&#xA;                                        &amp;lt;statistic&amp;gt;&#xA;                                                &amp;lt;key&amp;gt;site.specific.stat.a&amp;lt;/key&amp;gt;&#xA;                                                &amp;lt;value&amp;gt;1&amp;lt;/value&amp;gt;&#xA;                                        &amp;lt;/statistic&amp;gt;&#xA;                                        &amp;lt;statistic&amp;gt;&#xA;                                                &amp;lt;key&amp;gt;site.specific.stat.b&amp;lt;/key&amp;gt;&#xA;                                                &amp;lt;value&amp;gt;2&amp;lt;/value&amp;gt;&#xA;                                        &amp;lt;/statistic&amp;gt;&#xA;                                &amp;lt;/statistics&amp;gt;&#xA;                        &amp;lt;/site&amp;gt;&#xA;                        &amp;lt;statistics&amp;gt;&#xA;                                &amp;lt;statistic&amp;gt;&#xA;                                        &amp;lt;key&amp;gt;global.stat.a&amp;lt;/key&amp;gt;&#xA;                                        &amp;lt;value&amp;gt;1&amp;lt;/value&amp;gt;&#xA;                                &amp;lt;/statistic&amp;gt;&#xA;                                &amp;lt;statistic&amp;gt;&#xA;                                        &amp;lt;key&amp;gt;global.stat.b&amp;lt;/key&amp;gt;&#xA;                                        &amp;lt;value&amp;gt;2&amp;lt;/value&amp;gt;&#xA;                                &amp;lt;/statistic&amp;gt;&#xA;                        &amp;lt;/statistics&amp;gt;&#xA;        &amp;lt;/OWASPZAPReport&amp;gt;                &#xA;&lt;/code&gt;&lt;/pre&gt;</description>
+      <description>&lt;h1 id=&#34;traditional-xml-report-with-requests-and-responses&#34;&gt;Traditional XML Report with Requests and Responses&lt;/h1&gt;&#xA;&#xA;&lt;h3 id=&#34;sample&#34;&gt;Sample &lt;a class=&#34;header-link&#34; href=&#34;#sample&#34;&gt;&lt;svg class=&#34;fill-current o-60 hover-accent-color-light&#34; height=&#34;22px&#34; viewBox=&#34;0 0 24 24&#34; width=&#34;22px&#34; xmlns=&#34;http://www.w3.org/2000/svg&#34;&gt;&lt;path d=&#34;M0 0h24v24H0z&#34; fill=&#34;none&#34;/&gt;&lt;path d=&#34;M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z&#34; fill=&#34;currentColor&#34;/&gt;&lt;/svg&gt;&lt;/a&gt;&lt;/h3&gt;&#xA;&lt;pre tabindex=&#34;0&#34;&gt;&lt;code&gt;        &amp;lt;?xml version=&amp;#34;1.0&amp;#34;?&amp;gt;&#xA;        &amp;lt;OWASPZAPReport version=&amp;#34;2.11.1&amp;#34; generated=&amp;#34;Fr., 30 Sep. 2022 08:40:35&amp;#34; created=&amp;#34;2022-09-30T08:40:35.236211400Z&amp;#34;&amp;gt;&#xA;                        &amp;lt;site name=&amp;#34;http://localhost:8080&amp;#34; host=&amp;#34;localhost&amp;#34; port=&amp;#34;8080&amp;#34; ssl=&amp;#34;false&amp;#34;&amp;gt;&#xA;                                &amp;lt;alerts&amp;gt;&#xA;                                        &#xA;                                                &amp;lt;alertitem&amp;gt;&#xA;                                                        &amp;lt;pluginid&amp;gt;90027&amp;lt;/pluginid&amp;gt;&#xA;                                                        &amp;lt;alertRef&amp;gt;90027&amp;lt;/alertRef&amp;gt;&#xA;                                                        &amp;lt;alert&amp;gt;Cookie Slack Detector&amp;lt;/alert&amp;gt;&#xA;                                                        &amp;lt;name&amp;gt;Cookie Slack Detector&amp;lt;/name&amp;gt;&#xA;                                                        &amp;lt;riskcode&amp;gt;1&amp;lt;/riskcode&amp;gt;&#xA;                                                        &amp;lt;confidence&amp;gt;1&amp;lt;/confidence&amp;gt;&#xA;                                                        &amp;lt;riskdesc&amp;gt;Low (Low)&amp;lt;/riskdesc&amp;gt;&#xA;                                                        &amp;lt;confidencedesc&amp;gt;Low&amp;lt;/confidencedesc&amp;gt;&#xA;                                                        &amp;lt;desc&amp;gt;Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.&amp;lt;/desc&amp;gt;&#xA;                                                        &amp;lt;instances&amp;gt;&#xA;                                                                &#xA;                                                                        &amp;lt;instance&amp;gt;&#xA;                                                                                &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/js&amp;lt;/uri&amp;gt;&#xA;                                                                                &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/js&amp;lt;/nodeName&amp;gt;&#xA;                                                                                &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                                                                &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                                                                &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                                                                &amp;lt;evidence&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                                                                &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                                                                &amp;lt;requestheader&amp;gt;GET http://localhost:8080/bodgeit/js HTTP/1.1&#xA;        Host: localhost:8080&#xA;        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0&#xA;        Accept: */*&#xA;        Accept-Language: de,en-US;q=0.7,en;q=0.3&#xA;        Connection: keep-alive&#xA;        Referer: https://localhost:8080/bodgeit/&#xA;        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901&#xA;        Sec-Fetch-Dest: script&#xA;        Sec-Fetch-Mode: no-cors&#xA;        Sec-Fetch-Site: same-origin&#xA;        Content-Length: 0&#xA;        &#xA;        &amp;lt;/requestheader&amp;gt;&#xA;                                                                                &amp;lt;requestbody&amp;gt;&amp;lt;/requestbody&amp;gt;&#xA;                                                                                &amp;lt;responseheader&amp;gt;HTTP/1.1 302 Found&#xA;        Server: Apache-Coyote/1.1&#xA;        Location: /bodgeit/js/&#xA;        Content-Length: 0&#xA;        Date: Fri, 30 Sep 2022 06:40:17 GMT&#xA;        &#xA;        &amp;lt;/responseheader&amp;gt;&#xA;                                                                                &amp;lt;responsebody&amp;gt;&amp;lt;/responsebody&amp;gt;&#xA;                                                                        &amp;lt;/instance&amp;gt;&#xA;                                                                &#xA;                                                                &#xA;                                                                        &amp;lt;instance&amp;gt;&#xA;                                                                                &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/js/util.js&amp;lt;/uri&amp;gt;&#xA;                                                                                &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/js/util.js&amp;lt;/nodeName&amp;gt;&#xA;                                                                                &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;&#xA;                                                                                &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;&#xA;                                                                                &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;&#xA;                                                                                &amp;lt;evidence&amp;gt;&amp;lt;/evidence&amp;gt;&#xA;                                                                                &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;&#xA;                                                                                &amp;lt;requestheader&amp;gt;GET http://localhost:8080/bodgeit/js/util.js HTTP/1.1&#xA;        Host: localhost:8080&#xA;        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0&#xA;        Accept: */*&#xA;        Accept-Language: de,en-US;q=0.7,en;q=0.3&#xA;        Connection: keep-alive&#xA;        Referer: https://localhost:8080/bodgeit/&#xA;        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901&#xA;        Sec-Fetch-Dest: script&#xA;        Sec-Fetch-Mode: no-cors&#xA;        Sec-Fetch-Site: same-origin&#xA;        Content-Length: 0&#xA;        &#xA;        &amp;lt;/requestheader&amp;gt;&#xA;                                                                                &amp;lt;requestbody&amp;gt;&amp;lt;/requestbody&amp;gt;&#xA;                                                                                &amp;lt;responseheader&amp;gt;HTTP/1.1 200 OK&#xA;        Server: Apache-Coyote/1.1&#xA;        Accept-Ranges: bytes&#xA;        ETag: W/&amp;amp;quot;1812-1343651578000&amp;amp;quot;&#xA;        Last-Modified: Mon, 30 Jul 2012 12:32:58 GMT&#xA;        Content-Type: application/javascript&#xA;        Content-Length: 1812&#xA;        Date: Fri, 30 Sep 2022 06:40:17 GMT&#xA;        &#xA;        &amp;lt;/responseheader&amp;gt;&#xA;                                                                                &amp;lt;responsebody&amp;gt;&#xA;        function loadfile(filename){&#xA;                var filetype = filename.split(&amp;amp;apos;.&amp;amp;apos;).pop();&#xA;                switch (filetype){&#xA;                case &amp;amp;quot;js&amp;amp;quot;:&#xA;                        var insert=document.createElement(&amp;amp;apos;script&amp;amp;apos;)&#xA;                        insert.setAttribute(&amp;amp;quot;type&amp;amp;quot;,&amp;amp;quot;text/javascript&amp;amp;quot;)&#xA;                        insert.setAttribute(&amp;amp;quot;src&amp;amp;quot;, filename)&#xA;                        break;&#xA;                case &amp;amp;apos;css&amp;amp;apos;:&#xA;                var insert=document.createElement(&amp;amp;quot;link&amp;amp;quot;);&#xA;                insert.setAttribute(&amp;amp;quot;type&amp;amp;quot;, &amp;amp;quot;text/css&amp;amp;quot;)&#xA;                insert.setAttribute(&amp;amp;quot;href&amp;amp;quot;, filename)&#xA;                insert.setAttribute(&amp;amp;quot;rel&amp;amp;quot;, &amp;amp;quot;stylesheet&amp;amp;quot;)&#xA;                break;&#xA;                }&#xA;                if (typeof insert!=&amp;amp;quot;undefined&amp;amp;quot;)&#xA;                document.getElementsByTagName(&amp;amp;quot;head&amp;amp;quot;)[0].appendChild(insert);&#xA;                return false;&#xA;        }&#xA;        &#xA;        &#xA;        ////The following is from:&#xA;        //http://stackoverflow.com/questions/316781/how-to-build-query-string-with-javascript&#xA;        &#xA;        function form_to_params( form )&#xA;        {&#xA;                var output = &amp;amp;quot;&amp;amp;quot;;&#xA;                var length = form.elements.length&#xA;                for( var i = 0; i &amp;amp;lt; length; i++ )&#xA;                {&#xA;                element = form.elements[i]&#xA;        &#xA;                if(element.tagName == &amp;amp;apos;TEXTAREA&amp;amp;apos; )&#xA;                {&#xA;                        output += &amp;amp;quot;|&amp;amp;quot; + element.name + &amp;amp;quot;:&amp;amp;quot; + element.value; &#xA;                }&#xA;                else if( element.tagName == &amp;amp;apos;INPUT&amp;amp;apos; )&#xA;                {&#xA;                        switch(element.type){&#xA;                        case &amp;amp;apos;radio&amp;amp;apos;:&#xA;                        case &amp;amp;apos;checkbox&amp;amp;apos;:&#xA;                                if(element.checked &amp;amp;amp;&amp;amp;amp; !element.value){&#xA;                                output += &amp;amp;quot;|&amp;amp;quot; + element.name + &amp;amp;quot;:on&amp;amp;quot;;&#xA;                                break;&#xA;                                }&#xA;                        case &amp;amp;apos;text&amp;amp;apos;:&#xA;                        case &amp;amp;apos;hidden&amp;amp;apos;:&#xA;                        case &amp;amp;apos;password&amp;amp;apos;:&#xA;                                if(element.value)&#xA;                                output += &amp;amp;quot;|&amp;amp;quot; + element.name + &amp;amp;quot;:&amp;amp;quot; + element.value;&#xA;                        break;     &#xA;                        }&#xA;                }&#xA;                }&#xA;                return output.substring(1);&#xA;        }&#xA;        &#xA;        &#xA;        function htmlEntities(str) {&#xA;                return String(str).replace(/&amp;amp;amp;/g, &amp;amp;apos;&amp;amp;amp;amp;&amp;amp;apos;).replace(/&amp;amp;lt;/g, &amp;amp;apos;&amp;amp;amp;lt;&amp;amp;apos;).replace(/&amp;amp;gt;/g, &amp;amp;apos;&amp;amp;amp;gt;&amp;amp;apos;).replace(/&amp;amp;quot;/g, &amp;amp;apos;&amp;amp;amp;quot;&amp;amp;apos;);&#xA;        }&amp;lt;/responsebody&amp;gt;&#xA;                                                                        &amp;lt;/instance&amp;gt;&#xA;                                                                &#xA;                                                        &amp;lt;/instances&amp;gt;&#xA;                                                        &amp;lt;count&amp;gt;3&amp;lt;/count&amp;gt;&#xA;                                                        &amp;lt;systemic&amp;gt;false&amp;lt;/systemic&amp;gt;&#xA;                                                        &amp;lt;solution&amp;gt;&amp;lt;/solution&amp;gt;&#xA;                                                        &amp;lt;otherinfo&amp;gt;NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [JSESSIONID] &#xA;        Cookies that don&amp;amp;apos;t have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced.&#xA;        These cookies affected the response: &#xA;        These cookies did NOT affect the response: JSESSIONID&#xA;        &amp;lt;/otherinfo&amp;gt;&#xA;                                                        &amp;lt;reference&amp;gt;http://projects.webappsec.org/Fingerprinting&#xA;        &amp;lt;/reference&amp;gt;&#xA;                                                        &amp;lt;cweid&amp;gt;200&amp;lt;/cweid&amp;gt;&#xA;                                                        &amp;lt;wascid&amp;gt;45&amp;lt;/wascid&amp;gt;&#xA;                                                        &amp;lt;sourceid&amp;gt;2420&amp;lt;/sourceid&amp;gt;&#xA;                                                        &amp;lt;tags&amp;gt;&#xA;                                                                &amp;lt;tag&amp;gt;&#xA;                                                                        &amp;lt;tag&amp;gt;OWASP_2017_A06 &amp;lt;/tag&amp;gt;&#xA;                                                                        &amp;lt;link&amp;gt;https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html &amp;lt;/link&amp;gt;&#xA;                                                                &amp;lt;/tag&amp;gt;&#xA;                                                                &amp;lt;tag&amp;gt;&#xA;                                                                        &amp;lt;tag&amp;gt;OWASP_2021_A05 &amp;lt;/tag&amp;gt;&#xA;                                                                        &amp;lt;link&amp;gt;https://owasp.org/Top10/A05_2021-Security_Misconfiguration/ &amp;lt;/link&amp;gt;&#xA;                                                                &amp;lt;/tag&amp;gt;&#xA;                                                                &amp;lt;tag&amp;gt;&#xA;                                                                        &amp;lt;tag&amp;gt;WSTG-v42-SESS-02 &amp;lt;/tag&amp;gt;&#xA;                                                                        &amp;lt;link&amp;gt;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes &amp;lt;/link&amp;gt;&#xA;                                                                &amp;lt;/tag&amp;gt;&#xA;&#xA;                                                        &amp;lt;/tags&amp;gt;&#xA;                                                &amp;lt;/alertitem&amp;gt;&#xA;                                &amp;lt;/alerts&amp;gt;&#xA;                                &amp;lt;statistics&amp;gt;&#xA;                                        &amp;lt;statistic&amp;gt;&#xA;                                                &amp;lt;key&amp;gt;site.specific.stat.a&amp;lt;/key&amp;gt;&#xA;                                                &amp;lt;value&amp;gt;1&amp;lt;/value&amp;gt;&#xA;                                        &amp;lt;/statistic&amp;gt;&#xA;                                        &amp;lt;statistic&amp;gt;&#xA;                                                &amp;lt;key&amp;gt;site.specific.stat.b&amp;lt;/key&amp;gt;&#xA;                                                &amp;lt;value&amp;gt;2&amp;lt;/value&amp;gt;&#xA;                                        &amp;lt;/statistic&amp;gt;&#xA;                                &amp;lt;/statistics&amp;gt;&#xA;                        &amp;lt;/site&amp;gt;&#xA;                        &amp;lt;statistics&amp;gt;&#xA;                                &amp;lt;statistic&amp;gt;&#xA;                                        &amp;lt;key&amp;gt;global.stat.a&amp;lt;/key&amp;gt;&#xA;                                        &amp;lt;value&amp;gt;1&amp;lt;/value&amp;gt;&#xA;                                &amp;lt;/statistic&amp;gt;&#xA;                                &amp;lt;statistic&amp;gt;&#xA;                                        &amp;lt;key&amp;gt;global.stat.b&amp;lt;/key&amp;gt;&#xA;                                        &amp;lt;value&amp;gt;2&amp;lt;/value&amp;gt;&#xA;                                &amp;lt;/statistic&amp;gt;&#xA;                        &amp;lt;/statistics&amp;gt;&#xA;        &amp;lt;/OWASPZAPReport&amp;gt;                &#xA;&lt;/code&gt;&lt;/pre&gt;</description>
     </item>
   </channel>
 </rss>
diff --git a/docs/desktop/addons/report-generation/report-traditional-json-plus/index.html b/docs/desktop/addons/report-generation/report-traditional-json-plus/index.html
index 2e518e8681..db35aa84af 100644
--- a/docs/desktop/addons/report-generation/report-traditional-json-plus/index.html
+++ b/docs/desktop/addons/report-generation/report-traditional-json-plus/index.html
@@ -1908,6 +1908,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                     &#34;instances&#34;:[
                         {
                             &#34;uri&#34;: &#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&#34;,
+                            &#34;nodeName&#34;: &#34;http://localhost:8080/bodgeit/search.jsp (q)&#34;,
                             &#34;method&#34;: &#34;GET&#34;,
                             &#34;param&#34;: &#34;q&#34;,
                             &#34;attack&#34;: &#34;&lt;/font&gt;&lt;scrIpt&gt;alert(1);&lt;/scRipt&gt;&lt;font&gt;&#34;,
@@ -1920,6 +1921,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                         },
                         {
                             &#34;uri&#34;: &#34;http://localhost:8080/bodgeit/contact.jsp&#34;,
+                            &#34;nodeName&#34;: &#34;http://localhost:8080/bodgeit/contact.jsp&#34;,
                             &#34;method&#34;: &#34;POST&#34;,
                             &#34;param&#34;: &#34;comments&#34;,
                             &#34;attack&#34;: &#34;&lt;/td&gt;&lt;scrIpt&gt;alert(1);&lt;/scRipt&gt;&lt;td&gt;&#34;,
@@ -1932,6 +1934,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                         }
                     ],                   
                     &#34;count&#34;: &#34;2&#34;, 
+                    &#34;systemic&#34;: false, 
                     &#34;solution&#34;: &#34;&lt;p&gt;Phase: Architecture and Design&lt;/p&gt;&lt;p&gt;Use a vetted library or framework that does not ...&lt;/p&gt;&#34;,
                     &#34;otherinfo&#34;: &#34;&#34;,
                     &#34;reference&#34;: &#34;&lt;p&gt;http://projects.webappsec.org/Cross-Site-Scripting&lt;/p&gt;&lt;p&gt;http://cwe.mitre.org/data/definitions/79.html&lt;/p&gt;&#34;,
diff --git a/docs/desktop/addons/report-generation/report-traditional-json/index.html b/docs/desktop/addons/report-generation/report-traditional-json/index.html
index f37ca439e8..08c94c5013 100644
--- a/docs/desktop/addons/report-generation/report-traditional-json/index.html
+++ b/docs/desktop/addons/report-generation/report-traditional-json/index.html
@@ -1884,6 +1884,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                     &#34;instances&#34;:[
                         {
                             &#34;uri&#34;: &#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&#34;,
+                            &#34;nodeName&#34;: &#34;http://localhost:8080/bodgeit/search.jsp (q)&#34;,
                             &#34;method&#34;: &#34;GET&#34;,
                             &#34;param&#34;: &#34;q&#34;,
                             &#34;attack&#34;: &#34;&lt;/font&gt;&lt;scrIpt&gt;alert(1);&lt;/scRipt&gt;&lt;font&gt;&#34;,
@@ -1892,6 +1893,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                         },
                         {
                             &#34;uri&#34;: &#34;http://localhost:8080/bodgeit/contact.jsp&#34;,
+                            &#34;nodeName&#34;: &#34;http://localhost:8080/bodgeit/contact.jsp&#34;,
                             &#34;method&#34;: &#34;POST&#34;,
                             &#34;param&#34;: &#34;comments&#34;,
                             &#34;attack&#34;: &#34;&lt;/td&gt;&lt;scrIpt&gt;alert(1);&lt;/scRipt&gt;&lt;td&gt;&#34;,
@@ -1900,6 +1902,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                         }
                     ],                   
                     &#34;count&#34;: &#34;2&#34;, 
+                    &#34;systemic&#34;: false, 
                     &#34;solution&#34;: &#34;&lt;p&gt;Phase: Architecture and Design&lt;/p&gt;&lt;p&gt;Use a vetted library or framework that does not ...&lt;/p&gt;&#34;,
                     &#34;otherinfo&#34;: &#34;&#34;,
                     &#34;reference&#34;: &#34;&lt;p&gt;http://projects.webappsec.org/Cross-Site-Scripting&lt;/p&gt;&lt;p&gt;http://cwe.mitre.org/data/definitions/79.html&lt;/p&gt;&#34;,
diff --git a/docs/desktop/addons/report-generation/report-traditional-markdown/index.html b/docs/desktop/addons/report-generation/report-traditional-markdown/index.html
index 48c3838d90..9e7ff480e3 100644
--- a/docs/desktop/addons/report-generation/report-traditional-markdown/index.html
+++ b/docs/desktop/addons/report-generation/report-traditional-markdown/index.html
@@ -1919,18 +1919,21 @@ <h4 id="header-risk-confidence">Header <code>Risk (Confidence)</code> <a class="
 CSRF has primarily been used to perform an action against a target site using the victim&#39;s privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
 
 * URL: http://localhost:8080/bodgeit/advanced.jsp
+  * Node Name: http://localhost:8080/bodgeit/advanced.jsp
   * Method: `GET`
   * Parameter: ``
   * Attack: ``
   * Evidence: `&lt;form id=&#34;advanced&#34; name=&#34;advanced&#34; method=&#34;POST&#34; onsubmit=&#34;return validateForm(this);false;&#34;&gt;`
   * Other Info: ``
 * URL: http://localhost:8080/bodgeit/advanced.jsp
+  * Node Name: http://localhost:8080/bodgeit/advanced.jsp
   * Method: `GET`
   * Parameter: ``
   * Attack: ``
   * Evidence: `&lt;form id=&#34;query&#34; name=&#34;advanced&#34; method=&#34;POST&#34;&gt;`
   * Other Info: ``
 * URL: http://localhost:8080/bodgeit/basket.jsp
+  * Node Name: http://localhost:8080/bodgeit/basket.jsp
   * Method: `GET`
   * Parameter: ``
   * Attack: ``
diff --git a/docs/desktop/addons/report-generation/report-traditional-xml-plus/index.html b/docs/desktop/addons/report-generation/report-traditional-xml-plus/index.html
index adc80a1a99..329de6fa6c 100644
--- a/docs/desktop/addons/report-generation/report-traditional-xml-plus/index.html
+++ b/docs/desktop/addons/report-generation/report-traditional-xml-plus/index.html
@@ -1880,6 +1880,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                                                                 
                                                                         &lt;instance&gt;
                                                                                 &lt;uri&gt;http://localhost:8080/bodgeit/js&lt;/uri&gt;
+                                                                                &lt;nodeName&gt;http://localhost:8080/bodgeit/js&lt;/nodeName&gt;
                                                                                 &lt;method&gt;GET&lt;/method&gt;
                                                                                 &lt;param&gt;&lt;/param&gt;
                                                                                 &lt;attack&gt;&lt;/attack&gt;
@@ -1913,6 +1914,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                                                                 
                                                                         &lt;instance&gt;
                                                                                 &lt;uri&gt;http://localhost:8080/bodgeit/js/util.js&lt;/uri&gt;
+                                                                                &lt;nodeName&gt;http://localhost:8080/bodgeit/js/util.js&lt;/nodeName&gt;
                                                                                 &lt;method&gt;GET&lt;/method&gt;
                                                                                 &lt;param&gt;&lt;/param&gt;
                                                                                 &lt;attack&gt;&lt;/attack&gt;
@@ -2009,6 +2011,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                                                                 
                                                         &lt;/instances&gt;
                                                         &lt;count&gt;3&lt;/count&gt;
+                                                        &lt;systemic&gt;false&lt;/systemic&gt;
                                                         &lt;solution&gt;&lt;/solution&gt;
                                                         &lt;otherinfo&gt;NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [JSESSIONID] 
         Cookies that don&amp;apos;t have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced.
diff --git a/docs/desktop/addons/report-generation/report-traditional-xml/index.html b/docs/desktop/addons/report-generation/report-traditional-xml/index.html
index ad3f3c9363..8e10e71322 100644
--- a/docs/desktop/addons/report-generation/report-traditional-xml/index.html
+++ b/docs/desktop/addons/report-generation/report-traditional-xml/index.html
@@ -1878,9 +1878,9 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
                         &lt;confidencedesc&gt;Medium&lt;/confidencedesc&gt;
                         &lt;desc&gt;&lt;p&gt;A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...&lt;/desc&gt;
                         &lt;instances&gt;
-
                                 &lt;instance&gt;
                                     &lt;uri&gt;http://localhost:8080/bodgeit/advanced.jsp&lt;/uri&gt;
+                                    &lt;nodeName&gt;http://localhost:8080/bodgeit/advanced.jsp&lt;/nodeName&gt;
                                     &lt;method&gt;GET&lt;/method&gt;
                                     &lt;param&gt;&lt;/param&gt;
                                     &lt;attack&gt;&lt;/attack&gt;
@@ -1890,6 +1890,7 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
 
                                 &lt;instance&gt;
                                     &lt;uri&gt;http://localhost:8080/bodgeit/advanced.jsp&lt;/uri&gt;
+                                    &lt;nodeName&gt;http://localhost:8080/bodgeit/advanced.jsp&lt;/nodeName&gt;
                                     &lt;method&gt;GET&lt;/method&gt;
                                     &lt;param&gt;&lt;/param&gt;
                                     &lt;attack&gt;&lt;/attack&gt;
@@ -1899,12 +1900,17 @@ <h3 id="sample">Sample <a class="header-link" href="#sample"><svg class="fill-cu
 
                                 &lt;instance&gt;
                                     &lt;uri&gt;http://localhost:8080/bodgeit/basket.jsp&lt;/uri&gt;
+                                    &lt;nodeName&gt;http://localhost:8080/bodgeit/basket.jsp&lt;/nodeName&gt;
                                     &lt;method&gt;GET&lt;/method&gt;
                                     &lt;param&gt;&lt;/param&gt;
                                     &lt;attack&gt;&lt;/attack&gt;
                                     &lt;evidence&gt;&lt;form action=&#34;basket.jsp&#34; method=&#34;post&#34;&gt;&lt;/evidence&gt;
                                     &lt;otherinfo&gt;&lt;/otherinfo&gt;
                                 &lt;/instance&gt;
+                        &lt;count&gt;2&lt;/count&gt;
+                        &lt;systemic&gt;false&lt;/systemic&gt;
+                        &lt;solution&gt;The solution&lt;/solution&gt;
+                        &lt;otherinfo&gt;The other info&lt;/otherinfo&gt;
 </code></pre>
         </div>
       </div>
diff --git a/docs/sbom/authhelper/index.html b/docs/sbom/authhelper/index.html
index c32d0d547c..5c02ceae94 100644
--- a/docs/sbom/authhelper/index.html
+++ b/docs/sbom/authhelper/index.html
@@ -122,9 +122,9 @@ <h1 class="text--white">Authentication Helper Add-on SBOM</h1>
     <a href="/docs/sbom/authhelper">Authentication Helper</a>
   </header>
   <br>
-  <p>This page contains a list of all the libraries involved in building version <code>0.31.0</code> of the
+  <p>This page contains a list of all the libraries involved in building version <code>0.32.0</code> of the
     "Authentication Helper" add-on.
-  <p>You may download the full <a href="https://github.com/zaproxy/zap-extensions/releases/download/authhelper-v0.31.0/bom.json">Software Bill Of Materials (SBOM) JSON file</a>
+  <p>You may download the full <a href="https://github.com/zaproxy/zap-extensions/releases/download/authhelper-v0.32.0/bom.json">Software Bill Of Materials (SBOM) JSON file</a>
     for this add-on.
   <div class="flex">
     <table>
@@ -203,7 +203,7 @@ <h1 class="text--white">Authentication Helper Add-on SBOM</h1>
         
         <tr>
           <td>automation</td>
-          <td align="center">0.55.0</td>
+          <td align="center">0.56.0</td>
           <td></td>
         </tr>
         
diff --git a/docs/sbom/automation/index.html b/docs/sbom/automation/index.html
index 5ede7ce37c..a5f6c5d212 100644
--- a/docs/sbom/automation/index.html
+++ b/docs/sbom/automation/index.html
@@ -122,9 +122,9 @@ <h1 class="text--white">Automation Framework Add-on SBOM</h1>
     <a href="/docs/sbom/automation">Automation Framework</a>
   </header>
   <br>
-  <p>This page contains a list of all the libraries involved in building version <code>0.55.0</code> of the
+  <p>This page contains a list of all the libraries involved in building version <code>0.56.0</code> of the
     "Automation Framework" add-on.
-  <p>You may download the full <a href="https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.55.0/bom.json">Software Bill Of Materials (SBOM) JSON file</a>
+  <p>You may download the full <a href="https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.56.0/bom.json">Software Bill Of Materials (SBOM) JSON file</a>
     for this add-on.
   <div class="flex">
     <table>
diff --git a/docs/sbom/index.html b/docs/sbom/index.html
index 892914f47a..e595d0638a 100644
--- a/docs/sbom/index.html
+++ b/docs/sbom/index.html
@@ -548,7 +548,7 @@ <h1 class="text--white">Software Bill of Materials</h1>
             <a href="/docs/sbom/reports/">Report Generation Add-on SBOM</a>
           </td>
           <td>
-            145
+            163
           </td>
     </tr>
     
diff --git a/docs/sbom/reports/index.html b/docs/sbom/reports/index.html
index 9053700354..c2ee6ad243 100644
--- a/docs/sbom/reports/index.html
+++ b/docs/sbom/reports/index.html
@@ -122,9 +122,9 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
     <a href="/docs/sbom/reports">Report Generation</a>
   </header>
   <br>
-  <p>This page contains a list of all the libraries involved in building version <code>0.41.0</code> of the
+  <p>This page contains a list of all the libraries involved in building version <code>0.42.0</code> of the
     "Report Generation" add-on.
-  <p>You may download the full <a href="https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.41.0/bom.json">Software Bill Of Materials (SBOM) JSON file</a>
+  <p>You may download the full <a href="https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.42.0/bom.json">Software Bill Of Materials (SBOM) JSON file</a>
     for this add-on.
   <div class="flex">
     <table>
@@ -191,55 +191,133 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>automation</td>
-          <td align="center">0.53.0</td>
+          <td align="center">0.56.0</td>
           <td></td>
         </tr>
         
         <tr>
-          <td>bcmail-jdk14</td>
-          <td align="center">1.76</td>
-          <td>Bouncy Castle Licence</td>
+          <td>batik-anim</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
         </tr>
         
         <tr>
-          <td>bcmail-jdk18on</td>
-          <td align="center">1.77</td>
-          <td>Bouncy Castle Licence</td>
+          <td>batik-awt-util</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
         </tr>
         
         <tr>
-          <td>bcpkix-jdk14</td>
-          <td align="center">1.76</td>
-          <td>Bouncy Castle Licence</td>
+          <td>batik-bridge</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
         </tr>
         
         <tr>
-          <td>bcpkix-jdk18on</td>
-          <td align="center">1.77</td>
-          <td>Bouncy Castle Licence</td>
+          <td>batik-codec</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
         </tr>
         
         <tr>
-          <td>bcprov-jdk14</td>
-          <td align="center">1.76</td>
-          <td>Bouncy Castle Licence</td>
+          <td>batik-constants</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
         </tr>
         
         <tr>
-          <td>bcprov-jdk18on</td>
+          <td>batik-css</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-dom</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-ext</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-gvt</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-i18n</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-parser</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-script</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-shared-resources</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-svg-dom</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-svggen</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-transcoder</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-util</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>batik-xml</td>
+          <td align="center">1.19</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>bcmail-jdk18on</td>
           <td align="center">1.77</td>
           <td>Bouncy Castle Licence</td>
         </tr>
         
         <tr>
-          <td>bctsp-jdk14</td>
-          <td align="center">1.46</td>
+          <td>bcpkix-jdk18on</td>
+          <td align="center">1.77</td>
           <td>Bouncy Castle Licence</td>
         </tr>
         
         <tr>
-          <td>bcutil-jdk14</td>
-          <td align="center">1.76</td>
+          <td>bcprov-jdk18on</td>
+          <td align="center">1.77</td>
           <td>Bouncy Castle Licence</td>
         </tr>
         
@@ -251,7 +329,7 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>biz.aQute.bnd.annotation</td>
-          <td align="center">6.4.1</td>
+          <td align="center">7.1.0</td>
           <td>(Apache-2.0 OR EPL-2.0)</td>
         </tr>
         
@@ -263,13 +341,13 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>byte-buddy</td>
-          <td align="center">1.14.9</td>
+          <td align="center">1.17.7</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>byte-buddy-agent</td>
-          <td align="center">1.14.9</td>
+          <td align="center">1.17.7</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -281,13 +359,13 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>checker-qual</td>
-          <td align="center">3.37.0</td>
+          <td align="center">3.43.0</td>
           <td>MIT</td>
         </tr>
         
         <tr>
           <td>commonlib</td>
-          <td align="center">1.36.0</td>
+          <td align="center">1.39.0</td>
           <td></td>
         </tr>
         
@@ -303,6 +381,12 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
           <td>Apache-2.0</td>
         </tr>
         
+        <tr>
+          <td>commons-codec</td>
+          <td align="center">1.19.0</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
         <tr>
           <td>commons-collections</td>
           <td align="center">3.2.2</td>
@@ -311,7 +395,7 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>commons-collections4</td>
-          <td align="center">4.4</td>
+          <td align="center">4.5.0</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -323,13 +407,13 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>commons-csv</td>
-          <td align="center">1.10.0</td>
+          <td align="center">1.12.0</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>commons-csv</td>
-          <td align="center">1.12.0</td>
+          <td align="center">1.14.1</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -341,7 +425,7 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>commons-io</td>
-          <td align="center">2.16.1</td>
+          <td align="center">2.17.0</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -351,6 +435,12 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
           <td>Apache-2.0</td>
         </tr>
         
+        <tr>
+          <td>commons-io</td>
+          <td align="center">2.20.0</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
         <tr>
           <td>commons-lang</td>
           <td align="center">2.6</td>
@@ -365,7 +455,7 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>commons-logging</td>
-          <td align="center">1.2</td>
+          <td align="center">1.3.0</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -389,31 +479,25 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>error_prone_annotation</td>
-          <td align="center">2.36.0</td>
+          <td align="center">2.42.0</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>error_prone_annotations</td>
-          <td align="center">2.36.0</td>
+          <td align="center">2.42.0</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>error_prone_check_api</td>
-          <td align="center">2.36.0</td>
+          <td align="center">2.42.0</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>error_prone_core</td>
-          <td align="center">2.36.0</td>
-          <td>Apache-2.0</td>
-        </tr>
-        
-        <tr>
-          <td>error_prone_type_annotations</td>
-          <td align="center">2.36.0</td>
+          <td align="center">2.42.0</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -425,7 +509,7 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>failureaccess</td>
-          <td align="center">1.0.1</td>
+          <td align="center">1.0.2</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -443,43 +527,43 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>flying-saucer-core</td>
-          <td align="center">9.3.1</td>
+          <td align="center">9.13.3</td>
           <td>LGPL-2.1-or-later</td>
         </tr>
         
         <tr>
           <td>flying-saucer-pdf</td>
-          <td align="center">9.3.1</td>
+          <td align="center">9.13.3</td>
           <td>LGPL-2.1-or-later</td>
         </tr>
         
         <tr>
           <td>google-java-format</td>
-          <td align="center">1.19.1</td>
+          <td align="center">1.27.0</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>guava</td>
-          <td align="center">32.1.3-jre</td>
+          <td align="center">33.4.0-jre</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>hamcrest</td>
-          <td align="center">2.2</td>
+          <td align="center">3.0</td>
           <td>BSD-3-Clause</td>
         </tr>
         
         <tr>
           <td>hamcrest-core</td>
-          <td align="center">2.2</td>
+          <td align="center">3.0</td>
           <td>BSD-3-Clause</td>
         </tr>
         
         <tr>
           <td>hamcrest-library</td>
-          <td align="center">2.2</td>
+          <td align="center">3.0</td>
           <td>BSD-3-Clause</td>
         </tr>
         
@@ -520,26 +604,26 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         </tr>
         
         <tr>
-          <td>itext</td>
-          <td align="center">2.1.7</td>
-          <td>MPL-1.0</td>
+          <td>j2objc-annotations</td>
+          <td align="center">3.0.0</td>
+          <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>jackson-annotations</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>jackson-bom</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20.1</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>jackson-core</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20.1</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -551,31 +635,31 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>jackson-databind</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20.1</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>jackson-dataformat-xml</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20.1</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>jackson-dataformat-yaml</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20.1</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>jackson-datatype-jdk8</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20.1</td>
           <td>Apache-2.0</td>
         </tr>
         
         <tr>
           <td>jackson-datatype-jsr310</td>
-          <td align="center">2.19.1</td>
+          <td align="center">2.20.1</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -653,49 +737,49 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>junit-bom</td>
-          <td align="center">5.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
         <tr>
           <td>junit-jupiter</td>
-          <td align="center">5.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
         <tr>
           <td>junit-jupiter-api</td>
-          <td align="center">5.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
         <tr>
           <td>junit-jupiter-engine</td>
-          <td align="center">5.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
         <tr>
           <td>junit-jupiter-params</td>
-          <td align="center">5.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
         <tr>
           <td>junit-platform-commons</td>
-          <td align="center">1.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
         <tr>
           <td>junit-platform-engine</td>
-          <td align="center">1.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
         <tr>
           <td>junit-platform-launcher</td>
-          <td align="center">1.10.1</td>
+          <td align="center">6.0.1</td>
           <td>EPL-2.0</td>
         </tr>
         
@@ -743,19 +827,19 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>lombok</td>
-          <td align="center">1.18.36</td>
+          <td align="center">1.18.40</td>
           <td>MIT</td>
         </tr>
         
         <tr>
           <td>mockito-core</td>
-          <td align="center">5.7.0</td>
+          <td align="center">5.20.0</td>
           <td>MIT</td>
         </tr>
         
         <tr>
           <td>mockito-junit-jupiter</td>
-          <td align="center">5.7.0</td>
+          <td align="center">5.20.0</td>
           <td>MIT</td>
         </tr>
         
@@ -873,6 +957,12 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
           <td>Apache-2.0</td>
         </tr>
         
+        <tr>
+          <td>openpdf</td>
+          <td align="center">2.0.5</td>
+          <td>GNU Lesser General Public License (LGPL), Version 2.1, Mozilla Public License Version 2.0</td>
+        </tr>
+        
         <tr>
           <td>opentest4j</td>
           <td align="center">1.3.0</td>
@@ -983,7 +1073,7 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
         
         <tr>
           <td>thymeleaf</td>
-          <td align="center">3.1.2.RELEASE</td>
+          <td align="center">3.1.3.RELEASE</td>
           <td>Apache-2.0</td>
         </tr>
         
@@ -999,6 +1089,24 @@ <h1 class="text--white">Report Generation Add-on SBOM</h1>
           <td>Apache-2.0</td>
         </tr>
         
+        <tr>
+          <td>xml-apis</td>
+          <td align="center">1.4.01</td>
+          <td>Apache-2.0, SAX-PD, The W3C License</td>
+        </tr>
+        
+        <tr>
+          <td>xml-apis-ext</td>
+          <td align="center">1.3.04</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
+        <tr>
+          <td>xmlgraphics-commons</td>
+          <td align="center">2.11</td>
+          <td>Apache-2.0</td>
+        </tr>
+        
         <tr>
           <td>xom</td>
           <td align="center">1.3.9</td>
diff --git a/docs/statistics/index.xml b/docs/statistics/index.xml
index bca910ea01..48eef67ad1 100644
--- a/docs/statistics/index.xml
+++ b/docs/statistics/index.xml
@@ -40,7 +40,7 @@
       <link>/docs/statistics/top-addons-last-month/</link>
       <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
       <guid>/docs/statistics/top-addons-last-month/</guid>
-      <description>&lt;p&gt;These were the most frequently installed &lt;strong&gt;optional&lt;/strong&gt; add-ons last month.&lt;/p&gt;&#xA;&lt;p&gt;Note that this does not mean they were the most &lt;strong&gt;used&lt;/strong&gt; add-ons - that is harder to quantify.&lt;/p&gt;&#xA;&lt;table class=&#34;table market-table&#34;&gt;&#xA;    &lt;thead  align=&#34;left&#34;&gt;&#xA;    &lt;tr&gt;&#xA;        &lt;th &gt;Position&lt;/th&gt;&#xA;        &lt;th &gt;Add-On&lt;/th&gt;&#xA;        &lt;th &gt;Status&lt;/th&gt;&#xA;        &lt;th&gt;ID&lt;/th&gt;&#xA;        &lt;th &gt;Last Updated&lt;/th&gt;&#xA;    &lt;/tr&gt;&#xA;    &lt;/thead&gt;&#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          1&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/import-export/&#34;&gt;Import/Export&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          exim&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          2&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/database/&#34;&gt;Database&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          database&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-03-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          3&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/requester/&#34;&gt;Requester&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          requester&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-01-10&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          4&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/spider/&#34;&gt;Spider&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          release&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          spider&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          5&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/authentication-helper/&#34;&gt;Authentication Helper&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          authhelper&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-05&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          6&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/postman-support/&#34;&gt;Postman Support&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          postman&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          7&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/passive-scanner/&#34;&gt;Passive Scanner&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          pscan&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-10&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          8&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/passive-scan-rules-beta/&#34;&gt;Passive scanner rules (beta)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          pscanrulesBeta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          9&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/client-side-integration/&#34;&gt;Client Side Integration&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          client&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          10&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/scan-policies/&#34;&gt;Scan Policies&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          scanpolicies&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          11&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/sequence-scanner/&#34;&gt;Sequence&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          sequence&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-01-10&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          12&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/active-scan-rules-beta/&#34;&gt;Active scanner rules (beta)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          ascanrulesBeta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          13&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/passive-scan-rules-alpha/&#34;&gt;Passive scanner rules (alpha)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          pscanrulesAlpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          14&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/access-control-testing/&#34;&gt;Access Control Testing&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          accessControl&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2024-03-25&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          15&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/plug-n-hack/&#34;&gt;Plug-n-Hack Configuration&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          plugnhack&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2022-10-27&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          16&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/grpc-support/&#34;&gt;gRPC Support&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          grpc&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2024-07-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          17&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/custom-payloads/&#34;&gt;Custom Payloads&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          release&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          custompayloads&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          18&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/technology-detection/&#34;&gt;Technology Detection&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          release&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          wappalyzer&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          19&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/advanced-sqlinjection-scanner/&#34;&gt;Advanced SQLInjection Scanner&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          sqliplugin&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-04-30&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          20&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/active-scan-rules-alpha/&#34;&gt;Active scanner rules (alpha)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          ascanrulesAlpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;&lt;/table&gt;</description>
+      <description>&lt;p&gt;These were the most frequently installed &lt;strong&gt;optional&lt;/strong&gt; add-ons last month.&lt;/p&gt;&#xA;&lt;p&gt;Note that this does not mean they were the most &lt;strong&gt;used&lt;/strong&gt; add-ons - that is harder to quantify.&lt;/p&gt;&#xA;&lt;table class=&#34;table market-table&#34;&gt;&#xA;    &lt;thead  align=&#34;left&#34;&gt;&#xA;    &lt;tr&gt;&#xA;        &lt;th &gt;Position&lt;/th&gt;&#xA;        &lt;th &gt;Add-On&lt;/th&gt;&#xA;        &lt;th &gt;Status&lt;/th&gt;&#xA;        &lt;th&gt;ID&lt;/th&gt;&#xA;        &lt;th &gt;Last Updated&lt;/th&gt;&#xA;    &lt;/tr&gt;&#xA;    &lt;/thead&gt;&#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          1&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/import-export/&#34;&gt;Import/Export&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          exim&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          2&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/database/&#34;&gt;Database&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          database&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-03-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          3&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/requester/&#34;&gt;Requester&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          requester&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-01-10&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          4&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/spider/&#34;&gt;Spider&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          release&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          spider&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          5&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/authentication-helper/&#34;&gt;Authentication Helper&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          authhelper&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-07&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          6&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/postman-support/&#34;&gt;Postman Support&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          postman&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          7&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/passive-scanner/&#34;&gt;Passive Scanner&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          pscan&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-10&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          8&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/passive-scan-rules-beta/&#34;&gt;Passive scanner rules (beta)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          pscanrulesBeta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          9&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/client-side-integration/&#34;&gt;Client Side Integration&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          client&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          10&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/scan-policies/&#34;&gt;Scan Policies&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          scanpolicies&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          11&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/sequence-scanner/&#34;&gt;Sequence&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          sequence&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-01-10&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          12&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/active-scan-rules-beta/&#34;&gt;Active scanner rules (beta)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          ascanrulesBeta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          13&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/passive-scan-rules-alpha/&#34;&gt;Passive scanner rules (alpha)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          pscanrulesAlpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          14&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/access-control-testing/&#34;&gt;Access Control Testing&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          accessControl&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2024-03-25&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          15&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/plug-n-hack/&#34;&gt;Plug-n-Hack Configuration&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          plugnhack&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2022-10-27&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          16&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/grpc-support/&#34;&gt;gRPC Support&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          grpc&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2024-07-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          17&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/custom-payloads/&#34;&gt;Custom Payloads&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          release&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          custompayloads&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-09-02&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          18&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/technology-detection/&#34;&gt;Technology Detection&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          release&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          wappalyzer&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          19&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/advanced-sqlinjection-scanner/&#34;&gt;Advanced SQLInjection Scanner&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          beta&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          sqliplugin&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-04-30&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;      &#xA;      &lt;tr&gt;&#xA;        &lt;td &gt;&#xA;          20&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          &#xA;            &lt;a href=&#34;/docs/desktop/addons/active-scan-rules-alpha/&#34;&gt;Active scanner rules (alpha)&lt;/a&gt;&#xA;          &#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          alpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          ascanrulesAlpha&#xA;        &lt;/td&gt;&#xA;        &lt;td &gt;&#xA;          2025-11-04&#xA;        &lt;/td&gt;&#xA;      &lt;/tr&gt;&#xA;      &#xA;    &#xA;&lt;/table&gt;</description>
     </item>
   </channel>
 </rss>
diff --git a/docs/statistics/top-addons-last-month/index.html b/docs/statistics/top-addons-last-month/index.html
index af3b66c983..aab56eed2b 100644
--- a/docs/statistics/top-addons-last-month/index.html
+++ b/docs/statistics/top-addons-last-month/index.html
@@ -252,7 +252,7 @@ <h1 class="text--white">Top ZAP Add-Ons Last Month</h1>
           authhelper
         </td>
         <td >
-          2025-11-05
+          2025-11-07
         </td>
       </tr>
       
diff --git a/index.xml b/index.xml
index 4a2b7ec3f3..a5688a992e 100644
--- a/index.xml
+++ b/index.xml
@@ -17303,7 +17303,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
           authhelper
         &lt;/td&gt;
         &lt;td &gt;
-          2025-11-05
+          2025-11-07
         &lt;/td&gt;
       &lt;/tr&gt;
       
@@ -17778,6 +17778,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                     &amp;#34;instances&amp;#34;:[
                         {
                             &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&amp;#34;,
+                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp (q)&amp;#34;,
                             &amp;#34;method&amp;#34;: &amp;#34;GET&amp;#34;,
                             &amp;#34;param&amp;#34;: &amp;#34;q&amp;#34;,
                             &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,
@@ -17786,6 +17787,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                         },
                         {
                             &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,
+                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,
                             &amp;#34;method&amp;#34;: &amp;#34;POST&amp;#34;,
                             &amp;#34;param&amp;#34;: &amp;#34;comments&amp;#34;,
                             &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,
@@ -17794,6 +17796,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                         }
                     ],                   
                     &amp;#34;count&amp;#34;: &amp;#34;2&amp;#34;, 
+                    &amp;#34;systemic&amp;#34;: false, 
                     &amp;#34;solution&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Phase: Architecture and Design&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;Use a vetted library or framework that does not ...&amp;lt;/p&amp;gt;&amp;#34;,
                     &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,
                     &amp;#34;reference&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;http://projects.webappsec.org/Cross-Site-Scripting&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;http://cwe.mitre.org/data/definitions/79.html&amp;lt;/p&amp;gt;&amp;#34;,
@@ -17860,6 +17863,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                     &amp;#34;instances&amp;#34;:[
                         {
                             &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E&amp;#34;,
+                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/search.jsp (q)&amp;#34;,
                             &amp;#34;method&amp;#34;: &amp;#34;GET&amp;#34;,
                             &amp;#34;param&amp;#34;: &amp;#34;q&amp;#34;,
                             &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/font&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;font&amp;gt;&amp;#34;,
@@ -17872,6 +17876,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                         },
                         {
                             &amp;#34;uri&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,
+                            &amp;#34;nodeName&amp;#34;: &amp;#34;http://localhost:8080/bodgeit/contact.jsp&amp;#34;,
                             &amp;#34;method&amp;#34;: &amp;#34;POST&amp;#34;,
                             &amp;#34;param&amp;#34;: &amp;#34;comments&amp;#34;,
                             &amp;#34;attack&amp;#34;: &amp;#34;&amp;lt;/td&amp;gt;&amp;lt;scrIpt&amp;gt;alert(1);&amp;lt;/scRipt&amp;gt;&amp;lt;td&amp;gt;&amp;#34;,
@@ -17884,6 +17889,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                         }
                     ],                   
                     &amp;#34;count&amp;#34;: &amp;#34;2&amp;#34;, 
+                    &amp;#34;systemic&amp;#34;: false, 
                     &amp;#34;solution&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;Phase: Architecture and Design&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;Use a vetted library or framework that does not ...&amp;lt;/p&amp;gt;&amp;#34;,
                     &amp;#34;otherinfo&amp;#34;: &amp;#34;&amp;#34;,
                     &amp;#34;reference&amp;#34;: &amp;#34;&amp;lt;p&amp;gt;http://projects.webappsec.org/Cross-Site-Scripting&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;http://cwe.mitre.org/data/definitions/79.html&amp;lt;/p&amp;gt;&amp;#34;,
@@ -17991,9 +17997,9 @@ This is particularly useful for comparing 2 sessions which access the same appli
                         &amp;lt;confidencedesc&amp;gt;Medium&amp;lt;/confidencedesc&amp;gt;
                         &amp;lt;desc&amp;gt;&amp;lt;p&amp;gt;A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...&amp;lt;/desc&amp;gt;
                         &amp;lt;instances&amp;gt;
-
                                 &amp;lt;instance&amp;gt;
                                     &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/uri&amp;gt;
+                                    &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/nodeName&amp;gt;
                                     &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;
                                     &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;
                                     &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;
@@ -18003,6 +18009,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
 
                                 &amp;lt;instance&amp;gt;
                                     &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/uri&amp;gt;
+                                    &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/advanced.jsp&amp;lt;/nodeName&amp;gt;
                                     &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;
                                     &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;
                                     &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;
@@ -18012,12 +18019,17 @@ This is particularly useful for comparing 2 sessions which access the same appli
 
                                 &amp;lt;instance&amp;gt;
                                     &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/basket.jsp&amp;lt;/uri&amp;gt;
+                                    &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/basket.jsp&amp;lt;/nodeName&amp;gt;
                                     &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;
                                     &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;
                                     &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;
                                     &amp;lt;evidence&amp;gt;&amp;lt;form action=&amp;#34;basket.jsp&amp;#34; method=&amp;#34;post&amp;#34;&amp;gt;&amp;lt;/evidence&amp;gt;
                                     &amp;lt;otherinfo&amp;gt;&amp;lt;/otherinfo&amp;gt;
                                 &amp;lt;/instance&amp;gt;
+                        &amp;lt;count&amp;gt;2&amp;lt;/count&amp;gt;
+                        &amp;lt;systemic&amp;gt;false&amp;lt;/systemic&amp;gt;
+                        &amp;lt;solution&amp;gt;The solution&amp;lt;/solution&amp;gt;
+                        &amp;lt;otherinfo&amp;gt;The other info&amp;lt;/otherinfo&amp;gt;
 &lt;/code&gt;&lt;/pre&gt;</description>
     </item>
     
@@ -18049,6 +18061,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                                                                 
                                                                         &amp;lt;instance&amp;gt;
                                                                                 &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/js&amp;lt;/uri&amp;gt;
+                                                                                &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/js&amp;lt;/nodeName&amp;gt;
                                                                                 &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;
                                                                                 &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;
                                                                                 &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;
@@ -18082,6 +18095,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                                                                 
                                                                         &amp;lt;instance&amp;gt;
                                                                                 &amp;lt;uri&amp;gt;http://localhost:8080/bodgeit/js/util.js&amp;lt;/uri&amp;gt;
+                                                                                &amp;lt;nodeName&amp;gt;http://localhost:8080/bodgeit/js/util.js&amp;lt;/nodeName&amp;gt;
                                                                                 &amp;lt;method&amp;gt;GET&amp;lt;/method&amp;gt;
                                                                                 &amp;lt;param&amp;gt;&amp;lt;/param&amp;gt;
                                                                                 &amp;lt;attack&amp;gt;&amp;lt;/attack&amp;gt;
@@ -18178,6 +18192,7 @@ This is particularly useful for comparing 2 sessions which access the same appli
                                                                 
                                                         &amp;lt;/instances&amp;gt;
                                                         &amp;lt;count&amp;gt;3&amp;lt;/count&amp;gt;
+                                                        &amp;lt;systemic&amp;gt;false&amp;lt;/systemic&amp;gt;
                                                         &amp;lt;solution&amp;gt;&amp;lt;/solution&amp;gt;
                                                         &amp;lt;otherinfo&amp;gt;NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [JSESSIONID] 
         Cookies that don&amp;amp;apos;t have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced.
diff --git a/search/index.json b/search/index.json
index 85656c2c05..a9a9783568 100644
--- a/search/index.json
+++ b/search/index.json
@@ -7964,8 +7964,8 @@
     "title": "Top ZAP Add-Ons Last Month",
     "keywords": ["","add-ons","last","month","top","zap"],
     "tags": null,
-    "summary": "\u003cp\u003eThese were the most frequently installed \u003cstrong\u003eoptional\u003c/strong\u003e add-ons last month.\u003c/p\u003e\n\u003cp\u003eNote that this does not mean they were the most \u003cstrong\u003eused\u003c/strong\u003e add-ons - that is harder to quantify.\u003c/p\u003e\n\u003ctable class=\"table market-table\"\u003e\n    \u003cthead  align=\"left\"\u003e\n    \u003ctr\u003e\n        \u003cth \u003ePosition\u003c/th\u003e\n        \u003cth \u003eAdd-On\u003c/th\u003e\n        \u003cth \u003eStatus\u003c/th\u003e\n        \u003cth\u003eID\u003c/th\u003e\n        \u003cth \u003eLast Updated\u003c/th\u003e\n    \u003c/tr\u003e\n    \u003c/thead\u003e\n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          1\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/import-export/\"\u003eImport/Export\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          exim\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          2\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/database/\"\u003eDatabase\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          database\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-03-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          3\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/requester/\"\u003eRequester\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          requester\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-01-10\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          4\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/spider/\"\u003eSpider\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          release\n        \u003c/td\u003e\n        \u003ctd \u003e\n          spider\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          5\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/authentication-helper/\"\u003eAuthentication Helper\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          authhelper\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-05\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          6\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/postman-support/\"\u003ePostman Support\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          postman\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          7\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/passive-scanner/\"\u003ePassive Scanner\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          pscan\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-10\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          8\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/passive-scan-rules-beta/\"\u003ePassive scanner rules (beta)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          pscanrulesBeta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          9\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/client-side-integration/\"\u003eClient Side Integration\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          client\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          10\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/scan-policies/\"\u003eScan Policies\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          scanpolicies\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          11\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/sequence-scanner/\"\u003eSequence\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          sequence\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-01-10\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          12\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/active-scan-rules-beta/\"\u003eActive scanner rules (beta)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          ascanrulesBeta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          13\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/passive-scan-rules-alpha/\"\u003ePassive scanner rules (alpha)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          pscanrulesAlpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          14\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/access-control-testing/\"\u003eAccess Control Testing\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          accessControl\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2024-03-25\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          15\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/plug-n-hack/\"\u003ePlug-n-Hack Configuration\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          plugnhack\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2022-10-27\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          16\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/grpc-support/\"\u003egRPC Support\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          grpc\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2024-07-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          17\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/custom-payloads/\"\u003eCustom Payloads\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          release\n        \u003c/td\u003e\n        \u003ctd \u003e\n          custompayloads\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          18\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/technology-detection/\"\u003eTechnology Detection\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          release\n        \u003c/td\u003e\n        \u003ctd \u003e\n          wappalyzer\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          19\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/advanced-sqlinjection-scanner/\"\u003eAdvanced SQLInjection Scanner\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          sqliplugin\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-04-30\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          20\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/active-scan-rules-alpha/\"\u003eActive scanner rules (alpha)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          ascanrulesAlpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n\u003c/table\u003e",
-    "content": "these were most frequently installed optional addons last month note that does not mean they used harder quantify position addon status id updated importexport beta exim 20250902 database alpha 20250304 requester 20250110 spider release 20251104 authentication helper authhelper 20251105 postman support passive scanner pscan 20250910 rules pscanrulesbeta client side integration 10 scan policies scanpolicies 11 sequence 12 active ascanrulesbeta 13 pscanrulesalpha 14 access control testing accesscontrol 20240325 15 plugnhack configuration 20221027 16 grpc 20240702 17 custom payloads custompayloads 18 technology detection wappalyzer 19 advanced sqlinjection sqliplugin 20250430 20 ascanrulesalpha "
+    "summary": "\u003cp\u003eThese were the most frequently installed \u003cstrong\u003eoptional\u003c/strong\u003e add-ons last month.\u003c/p\u003e\n\u003cp\u003eNote that this does not mean they were the most \u003cstrong\u003eused\u003c/strong\u003e add-ons - that is harder to quantify.\u003c/p\u003e\n\u003ctable class=\"table market-table\"\u003e\n    \u003cthead  align=\"left\"\u003e\n    \u003ctr\u003e\n        \u003cth \u003ePosition\u003c/th\u003e\n        \u003cth \u003eAdd-On\u003c/th\u003e\n        \u003cth \u003eStatus\u003c/th\u003e\n        \u003cth\u003eID\u003c/th\u003e\n        \u003cth \u003eLast Updated\u003c/th\u003e\n    \u003c/tr\u003e\n    \u003c/thead\u003e\n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          1\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/import-export/\"\u003eImport/Export\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          exim\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          2\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/database/\"\u003eDatabase\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          database\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-03-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          3\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/requester/\"\u003eRequester\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          requester\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-01-10\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          4\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/spider/\"\u003eSpider\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          release\n        \u003c/td\u003e\n        \u003ctd \u003e\n          spider\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          5\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/authentication-helper/\"\u003eAuthentication Helper\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          authhelper\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-07\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          6\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/postman-support/\"\u003ePostman Support\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          postman\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          7\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/passive-scanner/\"\u003ePassive Scanner\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          pscan\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-10\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          8\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/passive-scan-rules-beta/\"\u003ePassive scanner rules (beta)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          pscanrulesBeta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          9\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/client-side-integration/\"\u003eClient Side Integration\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          client\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          10\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/scan-policies/\"\u003eScan Policies\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          scanpolicies\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          11\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/sequence-scanner/\"\u003eSequence\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          sequence\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-01-10\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          12\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/active-scan-rules-beta/\"\u003eActive scanner rules (beta)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          ascanrulesBeta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          13\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/passive-scan-rules-alpha/\"\u003ePassive scanner rules (alpha)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          pscanrulesAlpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          14\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/access-control-testing/\"\u003eAccess Control Testing\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          accessControl\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2024-03-25\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          15\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/plug-n-hack/\"\u003ePlug-n-Hack Configuration\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          plugnhack\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2022-10-27\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          16\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/grpc-support/\"\u003egRPC Support\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          grpc\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2024-07-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          17\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/custom-payloads/\"\u003eCustom Payloads\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          release\n        \u003c/td\u003e\n        \u003ctd \u003e\n          custompayloads\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-09-02\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          18\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/technology-detection/\"\u003eTechnology Detection\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          release\n        \u003c/td\u003e\n        \u003ctd \u003e\n          wappalyzer\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          19\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/advanced-sqlinjection-scanner/\"\u003eAdvanced SQLInjection Scanner\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          beta\n        \u003c/td\u003e\n        \u003ctd \u003e\n          sqliplugin\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-04-30\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n      \n      \u003ctr\u003e\n        \u003ctd \u003e\n          20\n        \u003c/td\u003e\n        \u003ctd \u003e\n          \n            \u003ca href=\"/docs/desktop/addons/active-scan-rules-alpha/\"\u003eActive scanner rules (alpha)\u003c/a\u003e\n          \n        \u003c/td\u003e\n        \u003ctd \u003e\n          alpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          ascanrulesAlpha\n        \u003c/td\u003e\n        \u003ctd \u003e\n          2025-11-04\n        \u003c/td\u003e\n      \u003c/tr\u003e\n      \n    \n\u003c/table\u003e",
+    "content": "these were most frequently installed optional addons last month note that does not mean they used harder quantify position addon status id updated importexport beta exim 20250902 database alpha 20250304 requester 20250110 spider release 20251104 authentication helper authhelper 20251107 postman support passive scanner pscan 20250910 rules pscanrulesbeta client side integration 10 scan policies scanpolicies 11 sequence 12 active ascanrulesbeta 13 pscanrulesalpha 14 access control testing accesscontrol 20240325 15 plugnhack configuration 20221027 16 grpc 20240702 17 custom payloads custompayloads 18 technology detection wappalyzer 19 advanced sqlinjection sqliplugin 20250430 20 ascanrulesalpha "
     },
 {
     "url": "/docs/alerts/40029/",
@@ -7996,16 +7996,16 @@
     "title": "Traditional JSON Report",
     "keywords": ["","json","report","traditional"],
     "tags": null,
-    "summary": "\u003ch1 id=\"traditional-json-report\"\u003eTraditional JSON Report\u003c/h1\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e{\n    \u0026#34;@version\u0026#34;: \u0026#34;Dev Build\u0026#34;,\n    \u0026#34;@generated\u0026#34;: \u0026#34;Fri, 4 Feb 2022 13:04:51\u0026#34;,\n    \u0026#34;created\u0026#34;: \u0026#34;2022-02-04T13:04:51.236211400Z\u0026#34;,\n    \u0026#34;site\u0026#34;:[\n        {\n            \u0026#34;@name\u0026#34;: \u0026#34;http://localhost:8080\u0026#34;,\n            \u0026#34;@host\u0026#34;: \u0026#34;localhost\u0026#34;,\n            \u0026#34;@port\u0026#34;: \u0026#34;8080\u0026#34;,\n            \u0026#34;@ssl\u0026#34;: \u0026#34;false\u0026#34;,\n            \u0026#34;alerts\u0026#34;: [\n                {\n                    \u0026#34;pluginid\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alertRef\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alert\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;name\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;riskcode\u0026#34;: \u0026#34;3\u0026#34;,\n                    \u0026#34;confidence\u0026#34;: \u0026#34;2\u0026#34;,\n                    \u0026#34;riskdesc\u0026#34;: \u0026#34;High (Medium)\u0026#34;,\n                    \u0026#34;desc\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Cross-site Scripting (XSS) is an attack technique that involves ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;instances\u0026#34;:[\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;GET\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;q\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;\n                        },\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/contact.jsp\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;POST\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;comments\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;\n                        }\n                    ],                   \n                    \u0026#34;count\u0026#34;: \u0026#34;2\u0026#34;, \n                    \u0026#34;solution\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Phase: Architecture and Design\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;Use a vetted library or framework that does not ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                    \u0026#34;reference\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;http://projects.webappsec.org/Cross-Site-Scripting\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;http://cwe.mitre.org/data/definitions/79.html\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;cweid\u0026#34;: \u0026#34;79\u0026#34;,\n                    \u0026#34;wascid\u0026#34;: \u0026#34;8\u0026#34;,\n                    \u0026#34;sourceid\u0026#34;: \u0026#34;36977\u0026#34;\n                },\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003eThe report can also include details of Sequences and related active scanning results, for example:\u003c/p\u003e",
-    "content": "traditional json report sample 34version34: 34dev build34 34generated34: 34fri feb 2022 13:04:5134 34created34: 3420220204t13:04:51236211400z34 34site34: 34name34: 34http:localhost:808034 34host34: 34localhost34 34port34: 34808034 34ssl34: 34false34 34alerts34: 34pluginid34: 344001234 34alertref34: 34alert34: 34cross site scripting reflected34 34riskcode34: 34334 34confidence34: 34234 34riskdesc34: 34high medium34 34desc34: 34pcrosssite xss attack technique that involves p34 34instances34: 34uri34: 34http:localhost:8080bodgeitsearchjspq3c2ffont3e3cscript3ealert281293b3c2fscript3e3cfont3e34 34method34: 34get34 34param34: 34q34 34attack34: 34fontscriptalert1scriptfont34 34evidence34: 34otherinfo34: 3434 34http:localhost:8080bodgeitcontactjsp34 34post34 34comments34 34tdscriptalert1scripttd34 34count34: 34solution34: 34pphase: architecture designppuse vetted library framework does not 34reference34: 34phttp:projectswebappsecorgcrosssitescriptingpphttp:cwemitreorgdatadefinitions79htmlp34 34cweid34: 347934 34wascid34: 34834 34sourceid34: 343697734 can also include details sequences related active scanning results example: 34sequences34: 34seq name34 34steps34: 34step34: 34134 34pass34: 34true34 34resultdetails34: 34pass34 34alertids34: 34original34: 34https:wwwexamplecomstep134 34replay34: 34fail34 34https:wwwexamplecomstep234 "
+    "summary": "\u003ch1 id=\"traditional-json-report\"\u003eTraditional JSON Report\u003c/h1\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e{\n    \u0026#34;@version\u0026#34;: \u0026#34;Dev Build\u0026#34;,\n    \u0026#34;@generated\u0026#34;: \u0026#34;Fri, 4 Feb 2022 13:04:51\u0026#34;,\n    \u0026#34;created\u0026#34;: \u0026#34;2022-02-04T13:04:51.236211400Z\u0026#34;,\n    \u0026#34;site\u0026#34;:[\n        {\n            \u0026#34;@name\u0026#34;: \u0026#34;http://localhost:8080\u0026#34;,\n            \u0026#34;@host\u0026#34;: \u0026#34;localhost\u0026#34;,\n            \u0026#34;@port\u0026#34;: \u0026#34;8080\u0026#34;,\n            \u0026#34;@ssl\u0026#34;: \u0026#34;false\u0026#34;,\n            \u0026#34;alerts\u0026#34;: [\n                {\n                    \u0026#34;pluginid\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alertRef\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alert\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;name\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;riskcode\u0026#34;: \u0026#34;3\u0026#34;,\n                    \u0026#34;confidence\u0026#34;: \u0026#34;2\u0026#34;,\n                    \u0026#34;riskdesc\u0026#34;: \u0026#34;High (Medium)\u0026#34;,\n                    \u0026#34;desc\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Cross-site Scripting (XSS) is an attack technique that involves ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;instances\u0026#34;:[\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E\u0026#34;,\n                            \u0026#34;nodeName\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/search.jsp (q)\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;GET\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;q\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;\n                        },\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/contact.jsp\u0026#34;,\n                            \u0026#34;nodeName\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/contact.jsp\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;POST\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;comments\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;\n                        }\n                    ],                   \n                    \u0026#34;count\u0026#34;: \u0026#34;2\u0026#34;, \n                    \u0026#34;systemic\u0026#34;: false, \n                    \u0026#34;solution\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Phase: Architecture and Design\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;Use a vetted library or framework that does not ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                    \u0026#34;reference\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;http://projects.webappsec.org/Cross-Site-Scripting\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;http://cwe.mitre.org/data/definitions/79.html\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;cweid\u0026#34;: \u0026#34;79\u0026#34;,\n                    \u0026#34;wascid\u0026#34;: \u0026#34;8\u0026#34;,\n                    \u0026#34;sourceid\u0026#34;: \u0026#34;36977\u0026#34;\n                },\n\u003c/code\u003e\u003c/pre\u003e\u003cp\u003eThe report can also include details of Sequences and related active scanning results, for example:\u003c/p\u003e",
+    "content": "traditional json report sample 34version34: 34dev build34 34generated34: 34fri feb 2022 13:04:5134 34created34: 3420220204t13:04:51236211400z34 34site34: 34name34: 34http:localhost:808034 34host34: 34localhost34 34port34: 34808034 34ssl34: 34false34 34alerts34: 34pluginid34: 344001234 34alertref34: 34alert34: 34cross site scripting reflected34 34riskcode34: 34334 34confidence34: 34234 34riskdesc34: 34high medium34 34desc34: 34pcrosssite xss attack technique that involves p34 34instances34: 34uri34: 34http:localhost:8080bodgeitsearchjspq3c2ffont3e3cscript3ealert281293b3c2fscript3e3cfont3e34 34nodename34: 34http:localhost:8080bodgeitsearchjsp q34 34method34: 34get34 34param34: 34q34 34attack34: 34fontscriptalert1scriptfont34 34evidence34: 34otherinfo34: 3434 34http:localhost:8080bodgeitcontactjsp34 34post34 34comments34 34tdscriptalert1scripttd34 34count34: 34systemic34: false 34solution34: 34pphase: architecture designppuse vetted library framework does not 34reference34: 34phttp:projectswebappsecorgcrosssitescriptingpphttp:cwemitreorgdatadefinitions79htmlp34 34cweid34: 347934 34wascid34: 34834 34sourceid34: 343697734 can also include details sequences related active scanning results example: 34sequences34: 34seq name34 34steps34: 34step34: 34134 34pass34: 34true34 34resultdetails34: 34pass34 34alertids34: 34original34: 34https:wwwexamplecomstep134 34replay34: 34fail34 34https:wwwexamplecomstep234 "
     },
 {
     "url": "/docs/desktop/addons/report-generation/report-traditional-json-plus/",
     "title": "Traditional JSON Report with Requests and Responses",
     "keywords": ["","and","json","report","requests","responses","traditional","with"],
     "tags": null,
-    "summary": "\u003ch1 id=\"traditional-json-report-with-requests-and-responses\"\u003eTraditional JSON Report with Requests and Responses\u003c/h1\u003e\n\n\u003ch3 id=\"sections\"\u003eSections \u003ca class=\"header-link\" href=\"#sections\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003ctable\u003e\n  \u003cthead\u003e\n      \u003ctr\u003e\n          \u003cth style=\"text-align: left\"\u003eSection\u003c/th\u003e\n          \u003cth style=\"text-align: left\"\u003eID\u003c/th\u003e\n      \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n      \u003ctr\u003e\n          \u003ctd style=\"text-align: left\"\u003eStatistics\u003c/td\u003e\n          \u003ctd style=\"text-align: left\"\u003estatistics\u003c/td\u003e\n      \u003c/tr\u003e\n      \u003ctr\u003e\n          \u003ctd style=\"text-align: left\"\u003eSequence Details\u003c/td\u003e\n          \u003ctd style=\"text-align: left\"\u003esequencedetails\u003c/td\u003e\n      \u003c/tr\u003e\n      \u003ctr\u003e\n          \u003ctd style=\"text-align: left\"\u003eAutomation Framework State\u003c/td\u003e\n          \u003ctd style=\"text-align: left\"\u003eafstate\u003c/td\u003e\n      \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e{\n    \u0026#34;@version\u0026#34;: \u0026#34;Dev Build\u0026#34;,\n    \u0026#34;@generated\u0026#34;: \u0026#34;Fri, 4 Feb 2022 13:04:51\u0026#34;,\n    \u0026#34;created\u0026#34;: \u0026#34;2022-02-04T13:04:51.236211400Z\u0026#34;,\n    \u0026#34;site\u0026#34;:[\n        {\n            \u0026#34;@name\u0026#34;: \u0026#34;http://localhost:8080\u0026#34;,\n            \u0026#34;@host\u0026#34;: \u0026#34;localhost\u0026#34;,\n            \u0026#34;@port\u0026#34;: \u0026#34;8080\u0026#34;,\n            \u0026#34;@ssl\u0026#34;: \u0026#34;false\u0026#34;,\n            \u0026#34;alerts\u0026#34;: [\n                {\n                    \u0026#34;pluginid\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alertRef\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alert\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;name\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;riskcode\u0026#34;: \u0026#34;3\u0026#34;,\n                    \u0026#34;confidence\u0026#34;: \u0026#34;2\u0026#34;,\n                    \u0026#34;riskdesc\u0026#34;: \u0026#34;High (Medium)\u0026#34;,\n                    \u0026#34;desc\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Cross-site Scripting (XSS) is an attack technique that involves ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;instances\u0026#34;:[\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;GET\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;q\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                            \u0026#34;request-header\u0026#34;: \u0026#34;GET http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E HTTP/1.1\\r\\n...\u0026#34;,\n                            \u0026#34;request-body\u0026#34;: \u0026#34;\u0026#34;,\n                            \u0026#34;response-header\u0026#34;: \u0026#34;HTTP/1.1 200\\r\\nContent-Type: text/html;charset=ISO-8859-1\\r\\nContent-Length: 2045\\r\\nDate: Fri, 04 Feb 2022 11:56:38 GMT\\r\\n\\r\\n\u0026#34;,\n                            \u0026#34;response-body\u0026#34;: \u0026#34;\\n\\n\\n\\n\\n\\n\\n\u0026lt;!DOCTYPE HTML PUBLIC \\\u0026#34;-//W3C//DTD HTML 3.2//EN\\\u0026#34;\u0026gt;\\n\u0026lt;html\u0026gt;...\u0026#34;\n                        },\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/contact.jsp\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;POST\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;comments\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                            \u0026#34;request-header\u0026#34;: \u0026#34;POST http://localhost:8080/bodgeit/contact.jsp HTTP/1.1\\r\\nHost: localhost:8080\\r\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0)...\u0026#34;,\n                            \u0026#34;request-body\u0026#34;: \u0026#34;null=\u0026amp;anticsrf=0.7583553183173598\u0026amp;comments=%3C%2Ftd%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Ctd%3E\u0026#34;,\n                            \u0026#34;response-header\u0026#34;: \u0026#34;HTTP/1.1 200\\r\\nContent-Type: text/html;charset=ISO-8859-1\\r\\nContent-Length: 2025\\r\\nDate: Fri, 04 Feb 2022 11:56:35 GMT\\r\\n\\r\\n\u0026#34;,\n                            \u0026#34;response-body\u0026#34;: \u0026#34;\\n\\n\\n\\n\\n\\n\u0026lt;!DOCTYPE HTML PUBLIC \\\u0026#34;-//W3C//DTD HTML 3.2//EN\\\u0026#34;\u0026gt;\\n\u0026lt;html\u0026gt;...\u0026#34;\n                        }\n                    ],                   \n                    \u0026#34;count\u0026#34;: \u0026#34;2\u0026#34;, \n                    \u0026#34;solution\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Phase: Architecture and Design\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;Use a vetted library or framework that does not ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                    \u0026#34;reference\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;http://projects.webappsec.org/Cross-Site-Scripting\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;http://cwe.mitre.org/data/definitions/79.html\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;cweid\u0026#34;: \u0026#34;79\u0026#34;,\n                    \u0026#34;wascid\u0026#34;: \u0026#34;8\u0026#34;,\n                    \u0026#34;sourceid\u0026#34;: \u0026#34;36977\u0026#34;,\n                    \u0026#34;tags\u0026#34;:[ \n                        {\n                            \u0026#34;tag\u0026#34;: \u0026#34;OWASP_2021_A03\u0026#34;,\n                            \u0026#34;link\u0026#34;: \u0026#34;https://owasp.org/Top10/A03_2021-Injection/\u0026#34;\n                        },\n                        {\n                            \u0026#34;tag\u0026#34;: \u0026#34;WSTG-v42-INPV-01\u0026#34;,\n                            \u0026#34;link\u0026#34;: \u0026#34;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting\u0026#34;\n                        },\n                        {\n                            \u0026#34;tag\u0026#34;: \u0026#34;OWASP_2017_A07\u0026#34;,\n                            \u0026#34;link\u0026#34;: \u0026#34;https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html\u0026#34;\n                        }\n                    ]\n                },\n                ...\n            ]\n        }\n    ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch4 id=\"statistics-section\"\u003eStatistics Section \u003ca class=\"header-link\" href=\"#statistics-section\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h4\u003e\n\u003cp\u003eThe report can also include statistics, per site and global, for example:\u003c/p\u003e",
-    "content": "traditional json report requests responses sections section id statistics sequence details sequencedetails automation framework state afstate sample 34version34: 34dev build34 34generated34: 34fri feb 2022 13:04:5134 34created34: 3420220204t13:04:51236211400z34 34site34: 34name34: 34http:localhost:808034 34host34: 34localhost34 34port34: 34808034 34ssl34: 34false34 34alerts34: 34pluginid34: 344001234 34alertref34: 34alert34: 34cross site scripting reflected34 34riskcode34: 34334 34confidence34: 34234 34riskdesc34: 34high medium34 34desc34: 34pcrosssite xss attack technique that involves p34 34instances34: 34uri34: 34http:localhost:8080bodgeitsearchjspq3c2ffont3e3cscript3ealert281293b3c2fscript3e3cfont3e34 34method34: 34get34 34param34: 34q34 34attack34: 34fontscriptalert1scriptfont34 34evidence34: 34otherinfo34: 3434 34requestheader34: 34get http:localhost:8080bodgeitsearchjspq3c2ffont3e3cscript3ealert281293b3c2fscript3e3cfont3e http11rn34 34requestbody34: 34responseheader34: 34http11 200rncontenttype: texthtmlcharsetiso88591rncontentlength: 2045rndate: fri 04 11:56:38 gmtrnrn34 34responsebody34: 34nnnnnnndoctype html public 34w3cdtd 32en34nhtml34 34http:localhost:8080bodgeitcontactjsp34 34post34 34comments34 34tdscriptalert1scripttd34 34post http:localhost:8080bodgeitcontactjsp http11rnhost: localhost:8080rnuseragent: mozilla50 windows nt 100 win64 x64 rv:92034 34nullanticsrf07583553183173598comments3c2ftd3e3cscript3ealert281293b3c2fscript3e3ctd3e34 2025rndate: 11:56:35 34nnnnnndoctype 34count34: 34solution34: 34pphase: architecture designppuse vetted library does not 34reference34: 34phttp:projectswebappsecorgcrosssitescriptingpphttp:cwemitreorgdatadefinitions79htmlp34 34cweid34: 347934 34wascid34: 34834 34sourceid34: 343697734 34tags34: 34tag34: 34owasp2021a0334 34link34: 34https:owasporgtop10a032021injection34 34wstgv42inpv0134 34https:owasporgwwwprojectwebsecuritytestingguidev424webapplicationsecuritytesting07inputvalidationtesting01testingforreflectedcrosssitescripting34 34owasp2017a0734 34https:owasporgwwwprojecttopten2017a72017crosssitescriptingxsshtml34 can also include per global example: 34statistics34: 34sitespecificstata34: 34sitespecificstatb34: 34globalstata34: 34globalstatb34: sequences related active scanning results 34sequences34: 34seq name34 34steps34: 34step34: 34134 34pass34: 34true34 34resultdetails34: 34pass34 34alertids34: 34original34: 34https:wwwexamplecomstep134 https:wwwexamplecomstep1 wwwexamplecomrnuseragent: rv:920 gecko20100101 firefox920rnpragma: nocacherncachecontrol: nocacherntest: fooheaderx0000x0013rnrn34 34x0000x001334 34http10 0rntest: 34replay34: 34fail34 34https:wwwexamplecomstep234 https:wwwexamplecomstep2 errors warnings 34afplanerrors34: 34aerror a34 34afplanwarns34: 34warning b34 "
+    "summary": "\u003ch1 id=\"traditional-json-report-with-requests-and-responses\"\u003eTraditional JSON Report with Requests and Responses\u003c/h1\u003e\n\n\u003ch3 id=\"sections\"\u003eSections \u003ca class=\"header-link\" href=\"#sections\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003ctable\u003e\n  \u003cthead\u003e\n      \u003ctr\u003e\n          \u003cth style=\"text-align: left\"\u003eSection\u003c/th\u003e\n          \u003cth style=\"text-align: left\"\u003eID\u003c/th\u003e\n      \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n      \u003ctr\u003e\n          \u003ctd style=\"text-align: left\"\u003eStatistics\u003c/td\u003e\n          \u003ctd style=\"text-align: left\"\u003estatistics\u003c/td\u003e\n      \u003c/tr\u003e\n      \u003ctr\u003e\n          \u003ctd style=\"text-align: left\"\u003eSequence Details\u003c/td\u003e\n          \u003ctd style=\"text-align: left\"\u003esequencedetails\u003c/td\u003e\n      \u003c/tr\u003e\n      \u003ctr\u003e\n          \u003ctd style=\"text-align: left\"\u003eAutomation Framework State\u003c/td\u003e\n          \u003ctd style=\"text-align: left\"\u003eafstate\u003c/td\u003e\n      \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e{\n    \u0026#34;@version\u0026#34;: \u0026#34;Dev Build\u0026#34;,\n    \u0026#34;@generated\u0026#34;: \u0026#34;Fri, 4 Feb 2022 13:04:51\u0026#34;,\n    \u0026#34;created\u0026#34;: \u0026#34;2022-02-04T13:04:51.236211400Z\u0026#34;,\n    \u0026#34;site\u0026#34;:[\n        {\n            \u0026#34;@name\u0026#34;: \u0026#34;http://localhost:8080\u0026#34;,\n            \u0026#34;@host\u0026#34;: \u0026#34;localhost\u0026#34;,\n            \u0026#34;@port\u0026#34;: \u0026#34;8080\u0026#34;,\n            \u0026#34;@ssl\u0026#34;: \u0026#34;false\u0026#34;,\n            \u0026#34;alerts\u0026#34;: [\n                {\n                    \u0026#34;pluginid\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alertRef\u0026#34;: \u0026#34;40012\u0026#34;,\n                    \u0026#34;alert\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;name\u0026#34;: \u0026#34;Cross Site Scripting (Reflected)\u0026#34;,\n                    \u0026#34;riskcode\u0026#34;: \u0026#34;3\u0026#34;,\n                    \u0026#34;confidence\u0026#34;: \u0026#34;2\u0026#34;,\n                    \u0026#34;riskdesc\u0026#34;: \u0026#34;High (Medium)\u0026#34;,\n                    \u0026#34;desc\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Cross-site Scripting (XSS) is an attack technique that involves ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;instances\u0026#34;:[\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E\u0026#34;,\n                            \u0026#34;nodeName\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/search.jsp (q)\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;GET\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;q\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/font\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;font\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                            \u0026#34;request-header\u0026#34;: \u0026#34;GET http://localhost:8080/bodgeit/search.jsp?q=%3C%2Ffont%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cfont%3E HTTP/1.1\\r\\n...\u0026#34;,\n                            \u0026#34;request-body\u0026#34;: \u0026#34;\u0026#34;,\n                            \u0026#34;response-header\u0026#34;: \u0026#34;HTTP/1.1 200\\r\\nContent-Type: text/html;charset=ISO-8859-1\\r\\nContent-Length: 2045\\r\\nDate: Fri, 04 Feb 2022 11:56:38 GMT\\r\\n\\r\\n\u0026#34;,\n                            \u0026#34;response-body\u0026#34;: \u0026#34;\\n\\n\\n\\n\\n\\n\\n\u0026lt;!DOCTYPE HTML PUBLIC \\\u0026#34;-//W3C//DTD HTML 3.2//EN\\\u0026#34;\u0026gt;\\n\u0026lt;html\u0026gt;...\u0026#34;\n                        },\n                        {\n                            \u0026#34;uri\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/contact.jsp\u0026#34;,\n                            \u0026#34;nodeName\u0026#34;: \u0026#34;http://localhost:8080/bodgeit/contact.jsp\u0026#34;,\n                            \u0026#34;method\u0026#34;: \u0026#34;POST\u0026#34;,\n                            \u0026#34;param\u0026#34;: \u0026#34;comments\u0026#34;,\n                            \u0026#34;attack\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;evidence\u0026#34;: \u0026#34;\u0026lt;/td\u0026gt;\u0026lt;scrIpt\u0026gt;alert(1);\u0026lt;/scRipt\u0026gt;\u0026lt;td\u0026gt;\u0026#34;,\n                            \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                            \u0026#34;request-header\u0026#34;: \u0026#34;POST http://localhost:8080/bodgeit/contact.jsp HTTP/1.1\\r\\nHost: localhost:8080\\r\\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0)...\u0026#34;,\n                            \u0026#34;request-body\u0026#34;: \u0026#34;null=\u0026amp;anticsrf=0.7583553183173598\u0026amp;comments=%3C%2Ftd%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Ctd%3E\u0026#34;,\n                            \u0026#34;response-header\u0026#34;: \u0026#34;HTTP/1.1 200\\r\\nContent-Type: text/html;charset=ISO-8859-1\\r\\nContent-Length: 2025\\r\\nDate: Fri, 04 Feb 2022 11:56:35 GMT\\r\\n\\r\\n\u0026#34;,\n                            \u0026#34;response-body\u0026#34;: \u0026#34;\\n\\n\\n\\n\\n\\n\u0026lt;!DOCTYPE HTML PUBLIC \\\u0026#34;-//W3C//DTD HTML 3.2//EN\\\u0026#34;\u0026gt;\\n\u0026lt;html\u0026gt;...\u0026#34;\n                        }\n                    ],                   \n                    \u0026#34;count\u0026#34;: \u0026#34;2\u0026#34;, \n                    \u0026#34;systemic\u0026#34;: false, \n                    \u0026#34;solution\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;Phase: Architecture and Design\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;Use a vetted library or framework that does not ...\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;otherinfo\u0026#34;: \u0026#34;\u0026#34;,\n                    \u0026#34;reference\u0026#34;: \u0026#34;\u0026lt;p\u0026gt;http://projects.webappsec.org/Cross-Site-Scripting\u0026lt;/p\u0026gt;\u0026lt;p\u0026gt;http://cwe.mitre.org/data/definitions/79.html\u0026lt;/p\u0026gt;\u0026#34;,\n                    \u0026#34;cweid\u0026#34;: \u0026#34;79\u0026#34;,\n                    \u0026#34;wascid\u0026#34;: \u0026#34;8\u0026#34;,\n                    \u0026#34;sourceid\u0026#34;: \u0026#34;36977\u0026#34;,\n                    \u0026#34;tags\u0026#34;:[ \n                        {\n                            \u0026#34;tag\u0026#34;: \u0026#34;OWASP_2021_A03\u0026#34;,\n                            \u0026#34;link\u0026#34;: \u0026#34;https://owasp.org/Top10/A03_2021-Injection/\u0026#34;\n                        },\n                        {\n                            \u0026#34;tag\u0026#34;: \u0026#34;WSTG-v42-INPV-01\u0026#34;,\n                            \u0026#34;link\u0026#34;: \u0026#34;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting\u0026#34;\n                        },\n                        {\n                            \u0026#34;tag\u0026#34;: \u0026#34;OWASP_2017_A07\u0026#34;,\n                            \u0026#34;link\u0026#34;: \u0026#34;https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS).html\u0026#34;\n                        }\n                    ]\n                },\n                ...\n            ]\n        }\n    ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch4 id=\"statistics-section\"\u003eStatistics Section \u003ca class=\"header-link\" href=\"#statistics-section\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h4\u003e\n\u003cp\u003eThe report can also include statistics, per site and global, for example:\u003c/p\u003e",
+    "content": "traditional json report requests responses sections section id statistics sequence details sequencedetails automation framework state afstate sample 34version34: 34dev build34 34generated34: 34fri feb 2022 13:04:5134 34created34: 3420220204t13:04:51236211400z34 34site34: 34name34: 34http:localhost:808034 34host34: 34localhost34 34port34: 34808034 34ssl34: 34false34 34alerts34: 34pluginid34: 344001234 34alertref34: 34alert34: 34cross site scripting reflected34 34riskcode34: 34334 34confidence34: 34234 34riskdesc34: 34high medium34 34desc34: 34pcrosssite xss attack technique that involves p34 34instances34: 34uri34: 34http:localhost:8080bodgeitsearchjspq3c2ffont3e3cscript3ealert281293b3c2fscript3e3cfont3e34 34nodename34: 34http:localhost:8080bodgeitsearchjsp q34 34method34: 34get34 34param34: 34q34 34attack34: 34fontscriptalert1scriptfont34 34evidence34: 34otherinfo34: 3434 34requestheader34: 34get http:localhost:8080bodgeitsearchjspq3c2ffont3e3cscript3ealert281293b3c2fscript3e3cfont3e http11rn34 34requestbody34: 34responseheader34: 34http11 200rncontenttype: texthtmlcharsetiso88591rncontentlength: 2045rndate: fri 04 11:56:38 gmtrnrn34 34responsebody34: 34nnnnnnndoctype html public 34w3cdtd 32en34nhtml34 34http:localhost:8080bodgeitcontactjsp34 34post34 34comments34 34tdscriptalert1scripttd34 34post http:localhost:8080bodgeitcontactjsp http11rnhost: localhost:8080rnuseragent: mozilla50 windows nt 100 win64 x64 rv:92034 34nullanticsrf07583553183173598comments3c2ftd3e3cscript3ealert281293b3c2fscript3e3ctd3e34 2025rndate: 11:56:35 34nnnnnndoctype 34count34: 34systemic34: false 34solution34: 34pphase: architecture designppuse vetted library does not 34reference34: 34phttp:projectswebappsecorgcrosssitescriptingpphttp:cwemitreorgdatadefinitions79htmlp34 34cweid34: 347934 34wascid34: 34834 34sourceid34: 343697734 34tags34: 34tag34: 34owasp2021a0334 34link34: 34https:owasporgtop10a032021injection34 34wstgv42inpv0134 34https:owasporgwwwprojectwebsecuritytestingguidev424webapplicationsecuritytesting07inputvalidationtesting01testingforreflectedcrosssitescripting34 34owasp2017a0734 34https:owasporgwwwprojecttopten2017a72017crosssitescriptingxsshtml34 can also include per global example: 34statistics34: 34sitespecificstata34: 34sitespecificstatb34: 34globalstata34: 34globalstatb34: sequences related active scanning results 34sequences34: 34seq name34 34steps34: 34step34: 34134 34pass34: 34true34 34resultdetails34: 34pass34 34alertids34: 34original34: 34https:wwwexamplecomstep134 https:wwwexamplecomstep1 wwwexamplecomrnuseragent: rv:920 gecko20100101 firefox920rnpragma: nocacherncachecontrol: nocacherntest: fooheaderx0000x0013rnrn34 34x0000x001334 34http10 0rntest: 34replay34: 34fail34 34https:wwwexamplecomstep234 https:wwwexamplecomstep2 errors warnings 34afplanerrors34: 34aerror a34 34afplanwarns34: 34warning b34 "
     },
 {
     "url": "/docs/desktop/addons/report-generation/report-traditional-markdown/",
@@ -8013,7 +8013,7 @@
     "keywords": ["","markdown","report","traditional"],
     "tags": null,
     "summary": "\u003ch1 id=\"traditional-markdown-report\"\u003eTraditional Markdown Report\u003c/h1\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\n\u003ch4 id=\"header-risk-confidence\"\u003eHeader \u003ccode\u003eRisk (Confidence)\u003c/code\u003e \u003ca class=\"header-link\" href=\"#header-risk-confidence\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h4\u003e\n\u003cp\u003eThis header is a combination identifier, showing Risk followed by Confidence. For example \u003ccode\u003eHigh (Medium)\u003c/code\u003e , would indicate a High risk issue identified with Medium confidence.\u003c/p\u003e",
-    "content": "traditional markdown report sample header risk confidence combination identifier showing followed by example high medium would indicate issue identified zap checkmarx scanning summary alerts level number low informational name instances anticsrf tokens check 10 cross site scripting reflected buffer overflow 529 content security policy csp not set 58 passive scan rule: denial service xframeoptions 55 absence 73 application error disclosure cookie httponly flag without samesite attribute page banner information leak debug messages permissions 59 xcontenttypeoptions missing 62 suspicious comments loosely scoped modern web 33 nonstorable storable cacheable 64 user controllable html element potential xss 32 alert detail https:wwwzaproxyorgdocsalerts20012 description crosssite request forgery attack that involves forcing victim send http target destination their knowledge intent order perform action underlying cause functionality using predictable urlform actions repeatable way nature csrf exploits trust has contrast like attacks necessarily they can also known xsrf oneclick session riding confused deputy sea surf effective situations including: active authenticated via auth same local network primarily been used against victim39s privileges recent techniques have discovered disclose gaining access response dramatically increased when vulnerable because platform allowing operate within bounds sameorigin url: http:localhost:8080bodgeitadvancedjsp method: get parameter: attack: evidence: form id34advanced34 name34advanced34 method34post34 onsubmit34return validateformthisfalse34 other info: id34query34 http:localhost:8080bodgeitbasketjsp action34basketjsp34 "
+    "content": "traditional markdown report sample header risk confidence combination identifier showing followed by example high medium would indicate issue identified zap checkmarx scanning summary alerts level number low informational name instances anticsrf tokens check 10 cross site scripting reflected buffer overflow 529 content security policy csp not set 58 passive scan rule: denial service xframeoptions 55 absence 73 application error disclosure cookie httponly flag without samesite attribute page banner information leak debug messages permissions 59 xcontenttypeoptions missing 62 suspicious comments loosely scoped modern web 33 nonstorable storable cacheable 64 user controllable html element potential xss 32 alert detail https:wwwzaproxyorgdocsalerts20012 description crosssite request forgery attack that involves forcing victim send http target destination their knowledge intent order perform action underlying cause functionality using predictable urlform actions repeatable way nature csrf exploits trust has contrast like attacks necessarily they can also known xsrf oneclick session riding confused deputy sea surf effective situations including: active authenticated via auth same local network primarily been used against victim39s privileges recent techniques have discovered disclose gaining access response dramatically increased when vulnerable because platform allowing operate within bounds sameorigin url: http:localhost:8080bodgeitadvancedjsp node name: method: get parameter: attack: evidence: form id34advanced34 name34advanced34 method34post34 onsubmit34return validateformthisfalse34 other info: id34query34 http:localhost:8080bodgeitbasketjsp action34basketjsp34 "
     },
 {
     "url": "/docs/desktop/addons/report-generation/report-traditional-pdf/",
@@ -8028,16 +8028,16 @@
     "title": "Traditional XML Report",
     "keywords": ["","report","traditional","xml"],
     "tags": null,
-    "summary": "\u003ch1 id=\"traditional-xml-report\"\u003eTraditional XML Report\u003c/h1\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e\u0026lt;?xml version=\u0026#34;1.0\u0026#34;?\u0026gt;\n\u0026lt;OWASPZAPReport version=\u0026#34;Dev Build\u0026#34; generated=\u0026#34;Fri, 4 Feb 2022 17:42:18\u0026#34; created=\u0026#34;2022-02-04T17:42:18.236211400Z\u0026#34;\u0026gt;\n    \n        \u0026lt;site name=\u0026#34;http://localhost:8080\u0026#34; host=\u0026#34;localhost\u0026#34; port=\u0026#34;8080\u0026#34; ssl=\u0026#34;false\u0026#34;\u0026gt;\n            \u0026lt;alerts\u0026gt;\n\n                    \u0026lt;alertitem\u0026gt;\n                        \u0026lt;pluginid\u0026gt;20012\u0026lt;/pluginid\u0026gt;\n                        \u0026lt;alertRef\u0026gt;20012\u0026lt;/alertRef\u0026gt;\n                        \u0026lt;alert\u0026gt;Anti-CSRF Tokens Check\u0026lt;/alert\u0026gt;\n                        \u0026lt;name\u0026gt;Anti-CSRF Tokens Check\u0026lt;/name\u0026gt;\n                        \u0026lt;riskcode\u0026gt;3\u0026lt;/riskcode\u0026gt;\n                        \u0026lt;confidence\u0026gt;2\u0026lt;/confidence\u0026gt;\n                        \u0026lt;riskdesc\u0026gt;High (Medium)\u0026lt;/riskdesc\u0026gt;\n                        \u0026lt;confidencedesc\u0026gt;Medium\u0026lt;/confidencedesc\u0026gt;\n                        \u0026lt;desc\u0026gt;\u0026lt;p\u0026gt;A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...\u0026lt;/desc\u0026gt;\n                        \u0026lt;instances\u0026gt;\n\n                                \u0026lt;instance\u0026gt;\n                                    \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/advanced.jsp\u0026lt;/uri\u0026gt;\n                                    \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                    \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                    \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                    \u0026lt;evidence\u0026gt;\u0026lt;form id=\u0026#34;advanced\u0026#34; name=\u0026#34;advanced\u0026#34; method=\u0026#34;POST\u0026#34; onsubmit=\u0026#34;return validateForm(this);false;\u0026#34;\u0026gt;\u0026lt;/evidence\u0026gt;\n                                    \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                \u0026lt;/instance\u0026gt;\n\n                                \u0026lt;instance\u0026gt;\n                                    \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/advanced.jsp\u0026lt;/uri\u0026gt;\n                                    \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                    \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                    \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                    \u0026lt;evidence\u0026gt;\u0026lt;form id=\u0026#34;query\u0026#34; name=\u0026#34;advanced\u0026#34; method=\u0026#34;POST\u0026#34;\u0026gt;\u0026lt;/evidence\u0026gt;\n                                    \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                \u0026lt;/instance\u0026gt;\n\n                                \u0026lt;instance\u0026gt;\n                                    \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/basket.jsp\u0026lt;/uri\u0026gt;\n                                    \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                    \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                    \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                    \u0026lt;evidence\u0026gt;\u0026lt;form action=\u0026#34;basket.jsp\u0026#34; method=\u0026#34;post\u0026#34;\u0026gt;\u0026lt;/evidence\u0026gt;\n                                    \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                \u0026lt;/instance\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e",
-    "content": "traditional xml report sample version341034 owaspzapreport version34dev build34 generated34fri feb 2022 17:42:1834 created3420220204t17:42:18236211400z34 site name34http:localhost:808034 host34localhost34 port34808034 ssl34false34 alerts alertitem pluginid20012pluginid alertref20012alertref alertanticsrf tokens checkalert nameanticsrf checkname riskcode3riskcode confidence2confidence riskdeschigh mediumriskdesc confidencedescmediumconfidencedesc descpa crosssite request forgery attack that involves forcing victim send http target destination without their knowledgedesc instances instance urihttp:localhost:8080bodgeitadvancedjspuri methodgetmethod paramparam attackattack evidenceform id34advanced34 name34advanced34 method34post34 onsubmit34return validateformthisfalse34evidence otherinfootherinfo id34query34 method34post34evidence urihttp:localhost:8080bodgeitbasketjspuri action34basketjsp34 "
+    "summary": "\u003ch1 id=\"traditional-xml-report\"\u003eTraditional XML Report\u003c/h1\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e\u0026lt;?xml version=\u0026#34;1.0\u0026#34;?\u0026gt;\n\u0026lt;OWASPZAPReport version=\u0026#34;Dev Build\u0026#34; generated=\u0026#34;Fri, 4 Feb 2022 17:42:18\u0026#34; created=\u0026#34;2022-02-04T17:42:18.236211400Z\u0026#34;\u0026gt;\n    \n        \u0026lt;site name=\u0026#34;http://localhost:8080\u0026#34; host=\u0026#34;localhost\u0026#34; port=\u0026#34;8080\u0026#34; ssl=\u0026#34;false\u0026#34;\u0026gt;\n            \u0026lt;alerts\u0026gt;\n\n                    \u0026lt;alertitem\u0026gt;\n                        \u0026lt;pluginid\u0026gt;20012\u0026lt;/pluginid\u0026gt;\n                        \u0026lt;alertRef\u0026gt;20012\u0026lt;/alertRef\u0026gt;\n                        \u0026lt;alert\u0026gt;Anti-CSRF Tokens Check\u0026lt;/alert\u0026gt;\n                        \u0026lt;name\u0026gt;Anti-CSRF Tokens Check\u0026lt;/name\u0026gt;\n                        \u0026lt;riskcode\u0026gt;3\u0026lt;/riskcode\u0026gt;\n                        \u0026lt;confidence\u0026gt;2\u0026lt;/confidence\u0026gt;\n                        \u0026lt;riskdesc\u0026gt;High (Medium)\u0026lt;/riskdesc\u0026gt;\n                        \u0026lt;confidencedesc\u0026gt;Medium\u0026lt;/confidencedesc\u0026gt;\n                        \u0026lt;desc\u0026gt;\u0026lt;p\u0026gt;A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...\u0026lt;/desc\u0026gt;\n                        \u0026lt;instances\u0026gt;\n                                \u0026lt;instance\u0026gt;\n                                    \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/advanced.jsp\u0026lt;/uri\u0026gt;\n                                    \u0026lt;nodeName\u0026gt;http://localhost:8080/bodgeit/advanced.jsp\u0026lt;/nodeName\u0026gt;\n                                    \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                    \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                    \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                    \u0026lt;evidence\u0026gt;\u0026lt;form id=\u0026#34;advanced\u0026#34; name=\u0026#34;advanced\u0026#34; method=\u0026#34;POST\u0026#34; onsubmit=\u0026#34;return validateForm(this);false;\u0026#34;\u0026gt;\u0026lt;/evidence\u0026gt;\n                                    \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                \u0026lt;/instance\u0026gt;\n\n                                \u0026lt;instance\u0026gt;\n                                    \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/advanced.jsp\u0026lt;/uri\u0026gt;\n                                    \u0026lt;nodeName\u0026gt;http://localhost:8080/bodgeit/advanced.jsp\u0026lt;/nodeName\u0026gt;\n                                    \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                    \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                    \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                    \u0026lt;evidence\u0026gt;\u0026lt;form id=\u0026#34;query\u0026#34; name=\u0026#34;advanced\u0026#34; method=\u0026#34;POST\u0026#34;\u0026gt;\u0026lt;/evidence\u0026gt;\n                                    \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                \u0026lt;/instance\u0026gt;\n\n                                \u0026lt;instance\u0026gt;\n                                    \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/basket.jsp\u0026lt;/uri\u0026gt;\n                                    \u0026lt;nodeName\u0026gt;http://localhost:8080/bodgeit/basket.jsp\u0026lt;/nodeName\u0026gt;\n                                    \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                    \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                    \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                    \u0026lt;evidence\u0026gt;\u0026lt;form action=\u0026#34;basket.jsp\u0026#34; method=\u0026#34;post\u0026#34;\u0026gt;\u0026lt;/evidence\u0026gt;\n                                    \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                \u0026lt;/instance\u0026gt;\n                        \u0026lt;count\u0026gt;2\u0026lt;/count\u0026gt;\n                        \u0026lt;systemic\u0026gt;false\u0026lt;/systemic\u0026gt;\n                        \u0026lt;solution\u0026gt;The solution\u0026lt;/solution\u0026gt;\n                        \u0026lt;otherinfo\u0026gt;The other info\u0026lt;/otherinfo\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e",
+    "content": "traditional xml report sample version341034 owaspzapreport version34dev build34 generated34fri feb 2022 17:42:1834 created3420220204t17:42:18236211400z34 site name34http:localhost:808034 host34localhost34 port34808034 ssl34false34 alerts alertitem pluginid20012pluginid alertref20012alertref alertanticsrf tokens checkalert nameanticsrf checkname riskcode3riskcode confidence2confidence riskdeschigh mediumriskdesc confidencedescmediumconfidencedesc descpa crosssite request forgery attack that involves forcing victim send http target destination without their knowledgedesc instances instance urihttp:localhost:8080bodgeitadvancedjspuri nodenamehttp:localhost:8080bodgeitadvancedjspnodename methodgetmethod paramparam attackattack evidenceform id34advanced34 name34advanced34 method34post34 onsubmit34return validateformthisfalse34evidence otherinfootherinfo id34query34 method34post34evidence urihttp:localhost:8080bodgeitbasketjspuri nodenamehttp:localhost:8080bodgeitbasketjspnodename action34basketjsp34 count2count systemicfalsesystemic solutionthe solutionsolution otherinfothe other infootherinfo "
     },
 {
     "url": "/docs/desktop/addons/report-generation/report-traditional-xml-plus/",
     "title": "Traditional XML Report with Requests and Responses",
     "keywords": ["","and","report","requests","responses","traditional","with","xml"],
     "tags": null,
-    "summary": "\u003ch1 id=\"traditional-xml-report-with-requests-and-responses\"\u003eTraditional XML Report with Requests and Responses\u003c/h1\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e        \u0026lt;?xml version=\u0026#34;1.0\u0026#34;?\u0026gt;\n        \u0026lt;OWASPZAPReport version=\u0026#34;2.11.1\u0026#34; generated=\u0026#34;Fr., 30 Sep. 2022 08:40:35\u0026#34; created=\u0026#34;2022-09-30T08:40:35.236211400Z\u0026#34;\u0026gt;\n                        \u0026lt;site name=\u0026#34;http://localhost:8080\u0026#34; host=\u0026#34;localhost\u0026#34; port=\u0026#34;8080\u0026#34; ssl=\u0026#34;false\u0026#34;\u0026gt;\n                                \u0026lt;alerts\u0026gt;\n                                        \n                                                \u0026lt;alertitem\u0026gt;\n                                                        \u0026lt;pluginid\u0026gt;90027\u0026lt;/pluginid\u0026gt;\n                                                        \u0026lt;alertRef\u0026gt;90027\u0026lt;/alertRef\u0026gt;\n                                                        \u0026lt;alert\u0026gt;Cookie Slack Detector\u0026lt;/alert\u0026gt;\n                                                        \u0026lt;name\u0026gt;Cookie Slack Detector\u0026lt;/name\u0026gt;\n                                                        \u0026lt;riskcode\u0026gt;1\u0026lt;/riskcode\u0026gt;\n                                                        \u0026lt;confidence\u0026gt;1\u0026lt;/confidence\u0026gt;\n                                                        \u0026lt;riskdesc\u0026gt;Low (Low)\u0026lt;/riskdesc\u0026gt;\n                                                        \u0026lt;confidencedesc\u0026gt;Low\u0026lt;/confidencedesc\u0026gt;\n                                                        \u0026lt;desc\u0026gt;Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.\u0026lt;/desc\u0026gt;\n                                                        \u0026lt;instances\u0026gt;\n                                                                \n                                                                        \u0026lt;instance\u0026gt;\n                                                                                \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/js\u0026lt;/uri\u0026gt;\n                                                                                \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                                                                \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                                                                \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                                                                \u0026lt;evidence\u0026gt;\u0026lt;/evidence\u0026gt;\n                                                                                \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                                                                \u0026lt;requestheader\u0026gt;GET http://localhost:8080/bodgeit/js HTTP/1.1\n        Host: localhost:8080\n        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0\n        Accept: */*\n        Accept-Language: de,en-US;q=0.7,en;q=0.3\n        Connection: keep-alive\n        Referer: https://localhost:8080/bodgeit/\n        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901\n        Sec-Fetch-Dest: script\n        Sec-Fetch-Mode: no-cors\n        Sec-Fetch-Site: same-origin\n        Content-Length: 0\n        \n        \u0026lt;/requestheader\u0026gt;\n                                                                                \u0026lt;requestbody\u0026gt;\u0026lt;/requestbody\u0026gt;\n                                                                                \u0026lt;responseheader\u0026gt;HTTP/1.1 302 Found\n        Server: Apache-Coyote/1.1\n        Location: /bodgeit/js/\n        Content-Length: 0\n        Date: Fri, 30 Sep 2022 06:40:17 GMT\n        \n        \u0026lt;/responseheader\u0026gt;\n                                                                                \u0026lt;responsebody\u0026gt;\u0026lt;/responsebody\u0026gt;\n                                                                        \u0026lt;/instance\u0026gt;\n                                                                \n                                                                \n                                                                        \u0026lt;instance\u0026gt;\n                                                                                \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/js/util.js\u0026lt;/uri\u0026gt;\n                                                                                \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                                                                \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                                                                \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                                                                \u0026lt;evidence\u0026gt;\u0026lt;/evidence\u0026gt;\n                                                                                \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                                                                \u0026lt;requestheader\u0026gt;GET http://localhost:8080/bodgeit/js/util.js HTTP/1.1\n        Host: localhost:8080\n        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0\n        Accept: */*\n        Accept-Language: de,en-US;q=0.7,en;q=0.3\n        Connection: keep-alive\n        Referer: https://localhost:8080/bodgeit/\n        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901\n        Sec-Fetch-Dest: script\n        Sec-Fetch-Mode: no-cors\n        Sec-Fetch-Site: same-origin\n        Content-Length: 0\n        \n        \u0026lt;/requestheader\u0026gt;\n                                                                                \u0026lt;requestbody\u0026gt;\u0026lt;/requestbody\u0026gt;\n                                                                                \u0026lt;responseheader\u0026gt;HTTP/1.1 200 OK\n        Server: Apache-Coyote/1.1\n        Accept-Ranges: bytes\n        ETag: W/\u0026amp;quot;1812-1343651578000\u0026amp;quot;\n        Last-Modified: Mon, 30 Jul 2012 12:32:58 GMT\n        Content-Type: application/javascript\n        Content-Length: 1812\n        Date: Fri, 30 Sep 2022 06:40:17 GMT\n        \n        \u0026lt;/responseheader\u0026gt;\n                                                                                \u0026lt;responsebody\u0026gt;\n        function loadfile(filename){\n                var filetype = filename.split(\u0026amp;apos;.\u0026amp;apos;).pop();\n                switch (filetype){\n                case \u0026amp;quot;js\u0026amp;quot;:\n                        var insert=document.createElement(\u0026amp;apos;script\u0026amp;apos;)\n                        insert.setAttribute(\u0026amp;quot;type\u0026amp;quot;,\u0026amp;quot;text/javascript\u0026amp;quot;)\n                        insert.setAttribute(\u0026amp;quot;src\u0026amp;quot;, filename)\n                        break;\n                case \u0026amp;apos;css\u0026amp;apos;:\n                var insert=document.createElement(\u0026amp;quot;link\u0026amp;quot;);\n                insert.setAttribute(\u0026amp;quot;type\u0026amp;quot;, \u0026amp;quot;text/css\u0026amp;quot;)\n                insert.setAttribute(\u0026amp;quot;href\u0026amp;quot;, filename)\n                insert.setAttribute(\u0026amp;quot;rel\u0026amp;quot;, \u0026amp;quot;stylesheet\u0026amp;quot;)\n                break;\n                }\n                if (typeof insert!=\u0026amp;quot;undefined\u0026amp;quot;)\n                document.getElementsByTagName(\u0026amp;quot;head\u0026amp;quot;)[0].appendChild(insert);\n                return false;\n        }\n        \n        \n        ////The following is from:\n        //http://stackoverflow.com/questions/316781/how-to-build-query-string-with-javascript\n        \n        function form_to_params( form )\n        {\n                var output = \u0026amp;quot;\u0026amp;quot;;\n                var length = form.elements.length\n                for( var i = 0; i \u0026amp;lt; length; i++ )\n                {\n                element = form.elements[i]\n        \n                if(element.tagName == \u0026amp;apos;TEXTAREA\u0026amp;apos; )\n                {\n                        output += \u0026amp;quot;|\u0026amp;quot; + element.name + \u0026amp;quot;:\u0026amp;quot; + element.value; \n                }\n                else if( element.tagName == \u0026amp;apos;INPUT\u0026amp;apos; )\n                {\n                        switch(element.type){\n                        case \u0026amp;apos;radio\u0026amp;apos;:\n                        case \u0026amp;apos;checkbox\u0026amp;apos;:\n                                if(element.checked \u0026amp;amp;\u0026amp;amp; !element.value){\n                                output += \u0026amp;quot;|\u0026amp;quot; + element.name + \u0026amp;quot;:on\u0026amp;quot;;\n                                break;\n                                }\n                        case \u0026amp;apos;text\u0026amp;apos;:\n                        case \u0026amp;apos;hidden\u0026amp;apos;:\n                        case \u0026amp;apos;password\u0026amp;apos;:\n                                if(element.value)\n                                output += \u0026amp;quot;|\u0026amp;quot; + element.name + \u0026amp;quot;:\u0026amp;quot; + element.value;\n                        break;     \n                        }\n                }\n                }\n                return output.substring(1);\n        }\n        \n        \n        function htmlEntities(str) {\n                return String(str).replace(/\u0026amp;amp;/g, \u0026amp;apos;\u0026amp;amp;amp;\u0026amp;apos;).replace(/\u0026amp;lt;/g, \u0026amp;apos;\u0026amp;amp;lt;\u0026amp;apos;).replace(/\u0026amp;gt;/g, \u0026amp;apos;\u0026amp;amp;gt;\u0026amp;apos;).replace(/\u0026amp;quot;/g, \u0026amp;apos;\u0026amp;amp;quot;\u0026amp;apos;);\n        }\u0026lt;/responsebody\u0026gt;\n                                                                        \u0026lt;/instance\u0026gt;\n                                                                \n                                                        \u0026lt;/instances\u0026gt;\n                                                        \u0026lt;count\u0026gt;3\u0026lt;/count\u0026gt;\n                                                        \u0026lt;solution\u0026gt;\u0026lt;/solution\u0026gt;\n                                                        \u0026lt;otherinfo\u0026gt;NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [JSESSIONID] \n        Cookies that don\u0026amp;apos;t have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced.\n        These cookies affected the response: \n        These cookies did NOT affect the response: JSESSIONID\n        \u0026lt;/otherinfo\u0026gt;\n                                                        \u0026lt;reference\u0026gt;http://projects.webappsec.org/Fingerprinting\n        \u0026lt;/reference\u0026gt;\n                                                        \u0026lt;cweid\u0026gt;200\u0026lt;/cweid\u0026gt;\n                                                        \u0026lt;wascid\u0026gt;45\u0026lt;/wascid\u0026gt;\n                                                        \u0026lt;sourceid\u0026gt;2420\u0026lt;/sourceid\u0026gt;\n                                                        \u0026lt;tags\u0026gt;\n                                                                \u0026lt;tag\u0026gt;\n                                                                        \u0026lt;tag\u0026gt;OWASP_2017_A06 \u0026lt;/tag\u0026gt;\n                                                                        \u0026lt;link\u0026gt;https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html \u0026lt;/link\u0026gt;\n                                                                \u0026lt;/tag\u0026gt;\n                                                                \u0026lt;tag\u0026gt;\n                                                                        \u0026lt;tag\u0026gt;OWASP_2021_A05 \u0026lt;/tag\u0026gt;\n                                                                        \u0026lt;link\u0026gt;https://owasp.org/Top10/A05_2021-Security_Misconfiguration/ \u0026lt;/link\u0026gt;\n                                                                \u0026lt;/tag\u0026gt;\n                                                                \u0026lt;tag\u0026gt;\n                                                                        \u0026lt;tag\u0026gt;WSTG-v42-SESS-02 \u0026lt;/tag\u0026gt;\n                                                                        \u0026lt;link\u0026gt;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes \u0026lt;/link\u0026gt;\n                                                                \u0026lt;/tag\u0026gt;\n\n                                                        \u0026lt;/tags\u0026gt;\n                                                \u0026lt;/alertitem\u0026gt;\n                                \u0026lt;/alerts\u0026gt;\n                                \u0026lt;statistics\u0026gt;\n                                        \u0026lt;statistic\u0026gt;\n                                                \u0026lt;key\u0026gt;site.specific.stat.a\u0026lt;/key\u0026gt;\n                                                \u0026lt;value\u0026gt;1\u0026lt;/value\u0026gt;\n                                        \u0026lt;/statistic\u0026gt;\n                                        \u0026lt;statistic\u0026gt;\n                                                \u0026lt;key\u0026gt;site.specific.stat.b\u0026lt;/key\u0026gt;\n                                                \u0026lt;value\u0026gt;2\u0026lt;/value\u0026gt;\n                                        \u0026lt;/statistic\u0026gt;\n                                \u0026lt;/statistics\u0026gt;\n                        \u0026lt;/site\u0026gt;\n                        \u0026lt;statistics\u0026gt;\n                                \u0026lt;statistic\u0026gt;\n                                        \u0026lt;key\u0026gt;global.stat.a\u0026lt;/key\u0026gt;\n                                        \u0026lt;value\u0026gt;1\u0026lt;/value\u0026gt;\n                                \u0026lt;/statistic\u0026gt;\n                                \u0026lt;statistic\u0026gt;\n                                        \u0026lt;key\u0026gt;global.stat.b\u0026lt;/key\u0026gt;\n                                        \u0026lt;value\u0026gt;2\u0026lt;/value\u0026gt;\n                                \u0026lt;/statistic\u0026gt;\n                        \u0026lt;/statistics\u0026gt;\n        \u0026lt;/OWASPZAPReport\u0026gt;                \n\u003c/code\u003e\u003c/pre\u003e",
-    "content": "traditional xml report requests responses sample version341034 owaspzapreport version34211134 generated34fr 30 sep 2022 08:40:3534 created3420220930t08:40:35236211400z34 site name34http:localhost:808034 host34localhost34 port34808034 ssl34false34 alerts alertitem pluginid90027pluginid alertref90027alertref alertcookie slack detectoralert namecookie detectorname riskcode1riskcode confidence1confidence riskdesclow lowriskdesc confidencedesclowconfidencedesc descrepeated get requests: drop different cookie each time followed by normal request all cookies stabilize session compare against original baseline can reveal areas where based authenticationattributes not actually enforceddesc instances instance urihttp:localhost:8080bodgeitjsuri methodgetmethod paramparam attackattack evidenceevidence otherinfootherinfo requestheaderget http:localhost:8080bodgeitjs http11 host: localhost:8080 useragent: mozilla50 macintosh intel mac os 1015 rv:1050 gecko20100101 firefox1050 accept: acceptlanguage: deenusq07enq03 connection: keepalive referer: https:localhost:8080bodgeit cookie: jsessionid9e75e26e50f681208096ffaa0b566901 secfetchdest: script secfetchmode: nocors secfetchsite: sameorigin contentlength: requestheader requestbodyrequestbody responseheaderhttp11 302 found server: apachecoyote11 location: bodgeitjs date: fri 06:40:17 gmt responseheader responsebodyresponsebody urihttp:localhost:8080bodgeitjsutiljsuri http:localhost:8080bodgeitjsutiljs 200 ok acceptranges: bytes etag: wquot18121343651578000quot lastmodified: mon jul 2012 12:32:58 contenttype: applicationjavascript 1812 responsebody function loadfilefilename var filetype filenamesplitaposapospop switch case quotjsquot: insertdocumentcreateelementaposscriptapos insertsetattributequottypequotquottextjavascriptquot insertsetattributequotsrcquot filename break aposcssapos: insertdocumentcreateelementquotlinkquot insertsetattributequottypequot quottextcssquot insertsetattributequothrefquot insertsetattributequotrelquot quotstylesheetquot typeof insertquotundefinedquot documentgetelementsbytagnamequotheadquot0appendchildinsert return false following from: http:stackoverflowcomquestions316781howtobuildquerystringwithjavascript formtoparams form output quotquot length formelementslength lt element formelementsi ifelementtagname apostextareaapos elementname quot:quot elementvalue else elementtagname aposinputapos switchelementtype aposradioapos: aposcheckboxapos: ifelementchecked ampamp quot:onquot apostextapos: aposhiddenapos: apospasswordapos: ifelementvalue outputsubstring1 htmlentitiesstr stringstrreplaceampg aposampampaposreplaceltg aposampltaposreplacegtg aposampgtaposreplacequotg aposampquotapos count3count solutionsolution otherinfonote: because its name may important dropping appears have effect: jsessionid that donapost expected effects flaws application logic worst authentication via tokens enforced these affected response: did affect otherinfo referencehttp:projectswebappsecorgfingerprinting reference cweid200cweid wascid45wascid sourceid2420sourceid tags tag tagowasp2017a06 linkhttps:owasporgwwwprojecttopten2017a62017securitymisconfigurationhtml link tagowasp2021a05 linkhttps:owasporgtop10a052021securitymisconfiguration tagwstgv42sess02 linkhttps:owasporgwwwprojectwebsecuritytestingguidev424webapplicationsecuritytesting06sessionmanagementtesting02testingforcookiesattributes statistics statistic keysitespecificstatakey value1value keysitespecificstatbkey value2value keyglobalstatakey keyglobalstatbkey "
+    "summary": "\u003ch1 id=\"traditional-xml-report-with-requests-and-responses\"\u003eTraditional XML Report with Requests and Responses\u003c/h1\u003e\n\n\u003ch3 id=\"sample\"\u003eSample \u003ca class=\"header-link\" href=\"#sample\"\u003e\u003csvg class=\"fill-current o-60 hover-accent-color-light\" height=\"22px\" viewBox=\"0 0 24 24\" width=\"22px\" xmlns=\"http://www.w3.org/2000/svg\"\u003e\u003cpath d=\"M0 0h24v24H0z\" fill=\"none\"/\u003e\u003cpath d=\"M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z\" fill=\"currentColor\"/\u003e\u003c/svg\u003e\u003c/a\u003e\u003c/h3\u003e\n\u003cpre tabindex=\"0\"\u003e\u003ccode\u003e        \u0026lt;?xml version=\u0026#34;1.0\u0026#34;?\u0026gt;\n        \u0026lt;OWASPZAPReport version=\u0026#34;2.11.1\u0026#34; generated=\u0026#34;Fr., 30 Sep. 2022 08:40:35\u0026#34; created=\u0026#34;2022-09-30T08:40:35.236211400Z\u0026#34;\u0026gt;\n                        \u0026lt;site name=\u0026#34;http://localhost:8080\u0026#34; host=\u0026#34;localhost\u0026#34; port=\u0026#34;8080\u0026#34; ssl=\u0026#34;false\u0026#34;\u0026gt;\n                                \u0026lt;alerts\u0026gt;\n                                        \n                                                \u0026lt;alertitem\u0026gt;\n                                                        \u0026lt;pluginid\u0026gt;90027\u0026lt;/pluginid\u0026gt;\n                                                        \u0026lt;alertRef\u0026gt;90027\u0026lt;/alertRef\u0026gt;\n                                                        \u0026lt;alert\u0026gt;Cookie Slack Detector\u0026lt;/alert\u0026gt;\n                                                        \u0026lt;name\u0026gt;Cookie Slack Detector\u0026lt;/name\u0026gt;\n                                                        \u0026lt;riskcode\u0026gt;1\u0026lt;/riskcode\u0026gt;\n                                                        \u0026lt;confidence\u0026gt;1\u0026lt;/confidence\u0026gt;\n                                                        \u0026lt;riskdesc\u0026gt;Low (Low)\u0026lt;/riskdesc\u0026gt;\n                                                        \u0026lt;confidencedesc\u0026gt;Low\u0026lt;/confidencedesc\u0026gt;\n                                                        \u0026lt;desc\u0026gt;Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.\u0026lt;/desc\u0026gt;\n                                                        \u0026lt;instances\u0026gt;\n                                                                \n                                                                        \u0026lt;instance\u0026gt;\n                                                                                \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/js\u0026lt;/uri\u0026gt;\n                                                                                \u0026lt;nodeName\u0026gt;http://localhost:8080/bodgeit/js\u0026lt;/nodeName\u0026gt;\n                                                                                \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                                                                \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                                                                \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                                                                \u0026lt;evidence\u0026gt;\u0026lt;/evidence\u0026gt;\n                                                                                \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                                                                \u0026lt;requestheader\u0026gt;GET http://localhost:8080/bodgeit/js HTTP/1.1\n        Host: localhost:8080\n        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0\n        Accept: */*\n        Accept-Language: de,en-US;q=0.7,en;q=0.3\n        Connection: keep-alive\n        Referer: https://localhost:8080/bodgeit/\n        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901\n        Sec-Fetch-Dest: script\n        Sec-Fetch-Mode: no-cors\n        Sec-Fetch-Site: same-origin\n        Content-Length: 0\n        \n        \u0026lt;/requestheader\u0026gt;\n                                                                                \u0026lt;requestbody\u0026gt;\u0026lt;/requestbody\u0026gt;\n                                                                                \u0026lt;responseheader\u0026gt;HTTP/1.1 302 Found\n        Server: Apache-Coyote/1.1\n        Location: /bodgeit/js/\n        Content-Length: 0\n        Date: Fri, 30 Sep 2022 06:40:17 GMT\n        \n        \u0026lt;/responseheader\u0026gt;\n                                                                                \u0026lt;responsebody\u0026gt;\u0026lt;/responsebody\u0026gt;\n                                                                        \u0026lt;/instance\u0026gt;\n                                                                \n                                                                \n                                                                        \u0026lt;instance\u0026gt;\n                                                                                \u0026lt;uri\u0026gt;http://localhost:8080/bodgeit/js/util.js\u0026lt;/uri\u0026gt;\n                                                                                \u0026lt;nodeName\u0026gt;http://localhost:8080/bodgeit/js/util.js\u0026lt;/nodeName\u0026gt;\n                                                                                \u0026lt;method\u0026gt;GET\u0026lt;/method\u0026gt;\n                                                                                \u0026lt;param\u0026gt;\u0026lt;/param\u0026gt;\n                                                                                \u0026lt;attack\u0026gt;\u0026lt;/attack\u0026gt;\n                                                                                \u0026lt;evidence\u0026gt;\u0026lt;/evidence\u0026gt;\n                                                                                \u0026lt;otherinfo\u0026gt;\u0026lt;/otherinfo\u0026gt;\n                                                                                \u0026lt;requestheader\u0026gt;GET http://localhost:8080/bodgeit/js/util.js HTTP/1.1\n        Host: localhost:8080\n        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0\n        Accept: */*\n        Accept-Language: de,en-US;q=0.7,en;q=0.3\n        Connection: keep-alive\n        Referer: https://localhost:8080/bodgeit/\n        Cookie: JSESSIONID=9E75E26E50F681208096FFAA0B566901\n        Sec-Fetch-Dest: script\n        Sec-Fetch-Mode: no-cors\n        Sec-Fetch-Site: same-origin\n        Content-Length: 0\n        \n        \u0026lt;/requestheader\u0026gt;\n                                                                                \u0026lt;requestbody\u0026gt;\u0026lt;/requestbody\u0026gt;\n                                                                                \u0026lt;responseheader\u0026gt;HTTP/1.1 200 OK\n        Server: Apache-Coyote/1.1\n        Accept-Ranges: bytes\n        ETag: W/\u0026amp;quot;1812-1343651578000\u0026amp;quot;\n        Last-Modified: Mon, 30 Jul 2012 12:32:58 GMT\n        Content-Type: application/javascript\n        Content-Length: 1812\n        Date: Fri, 30 Sep 2022 06:40:17 GMT\n        \n        \u0026lt;/responseheader\u0026gt;\n                                                                                \u0026lt;responsebody\u0026gt;\n        function loadfile(filename){\n                var filetype = filename.split(\u0026amp;apos;.\u0026amp;apos;).pop();\n                switch (filetype){\n                case \u0026amp;quot;js\u0026amp;quot;:\n                        var insert=document.createElement(\u0026amp;apos;script\u0026amp;apos;)\n                        insert.setAttribute(\u0026amp;quot;type\u0026amp;quot;,\u0026amp;quot;text/javascript\u0026amp;quot;)\n                        insert.setAttribute(\u0026amp;quot;src\u0026amp;quot;, filename)\n                        break;\n                case \u0026amp;apos;css\u0026amp;apos;:\n                var insert=document.createElement(\u0026amp;quot;link\u0026amp;quot;);\n                insert.setAttribute(\u0026amp;quot;type\u0026amp;quot;, \u0026amp;quot;text/css\u0026amp;quot;)\n                insert.setAttribute(\u0026amp;quot;href\u0026amp;quot;, filename)\n                insert.setAttribute(\u0026amp;quot;rel\u0026amp;quot;, \u0026amp;quot;stylesheet\u0026amp;quot;)\n                break;\n                }\n                if (typeof insert!=\u0026amp;quot;undefined\u0026amp;quot;)\n                document.getElementsByTagName(\u0026amp;quot;head\u0026amp;quot;)[0].appendChild(insert);\n                return false;\n        }\n        \n        \n        ////The following is from:\n        //http://stackoverflow.com/questions/316781/how-to-build-query-string-with-javascript\n        \n        function form_to_params( form )\n        {\n                var output = \u0026amp;quot;\u0026amp;quot;;\n                var length = form.elements.length\n                for( var i = 0; i \u0026amp;lt; length; i++ )\n                {\n                element = form.elements[i]\n        \n                if(element.tagName == \u0026amp;apos;TEXTAREA\u0026amp;apos; )\n                {\n                        output += \u0026amp;quot;|\u0026amp;quot; + element.name + \u0026amp;quot;:\u0026amp;quot; + element.value; \n                }\n                else if( element.tagName == \u0026amp;apos;INPUT\u0026amp;apos; )\n                {\n                        switch(element.type){\n                        case \u0026amp;apos;radio\u0026amp;apos;:\n                        case \u0026amp;apos;checkbox\u0026amp;apos;:\n                                if(element.checked \u0026amp;amp;\u0026amp;amp; !element.value){\n                                output += \u0026amp;quot;|\u0026amp;quot; + element.name + \u0026amp;quot;:on\u0026amp;quot;;\n                                break;\n                                }\n                        case \u0026amp;apos;text\u0026amp;apos;:\n                        case \u0026amp;apos;hidden\u0026amp;apos;:\n                        case \u0026amp;apos;password\u0026amp;apos;:\n                                if(element.value)\n                                output += \u0026amp;quot;|\u0026amp;quot; + element.name + \u0026amp;quot;:\u0026amp;quot; + element.value;\n                        break;     \n                        }\n                }\n                }\n                return output.substring(1);\n        }\n        \n        \n        function htmlEntities(str) {\n                return String(str).replace(/\u0026amp;amp;/g, \u0026amp;apos;\u0026amp;amp;amp;\u0026amp;apos;).replace(/\u0026amp;lt;/g, \u0026amp;apos;\u0026amp;amp;lt;\u0026amp;apos;).replace(/\u0026amp;gt;/g, \u0026amp;apos;\u0026amp;amp;gt;\u0026amp;apos;).replace(/\u0026amp;quot;/g, \u0026amp;apos;\u0026amp;amp;quot;\u0026amp;apos;);\n        }\u0026lt;/responsebody\u0026gt;\n                                                                        \u0026lt;/instance\u0026gt;\n                                                                \n                                                        \u0026lt;/instances\u0026gt;\n                                                        \u0026lt;count\u0026gt;3\u0026lt;/count\u0026gt;\n                                                        \u0026lt;systemic\u0026gt;false\u0026lt;/systemic\u0026gt;\n                                                        \u0026lt;solution\u0026gt;\u0026lt;/solution\u0026gt;\n                                                        \u0026lt;otherinfo\u0026gt;NOTE: Because of its name this cookie may be important, but dropping it appears to have no effect: [JSESSIONID] \n        Cookies that don\u0026amp;apos;t have expected effects can reveal flaws in application logic. In the worst case, this can reveal where authentication via cookie token(s) is not actually enforced.\n        These cookies affected the response: \n        These cookies did NOT affect the response: JSESSIONID\n        \u0026lt;/otherinfo\u0026gt;\n                                                        \u0026lt;reference\u0026gt;http://projects.webappsec.org/Fingerprinting\n        \u0026lt;/reference\u0026gt;\n                                                        \u0026lt;cweid\u0026gt;200\u0026lt;/cweid\u0026gt;\n                                                        \u0026lt;wascid\u0026gt;45\u0026lt;/wascid\u0026gt;\n                                                        \u0026lt;sourceid\u0026gt;2420\u0026lt;/sourceid\u0026gt;\n                                                        \u0026lt;tags\u0026gt;\n                                                                \u0026lt;tag\u0026gt;\n                                                                        \u0026lt;tag\u0026gt;OWASP_2017_A06 \u0026lt;/tag\u0026gt;\n                                                                        \u0026lt;link\u0026gt;https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html \u0026lt;/link\u0026gt;\n                                                                \u0026lt;/tag\u0026gt;\n                                                                \u0026lt;tag\u0026gt;\n                                                                        \u0026lt;tag\u0026gt;OWASP_2021_A05 \u0026lt;/tag\u0026gt;\n                                                                        \u0026lt;link\u0026gt;https://owasp.org/Top10/A05_2021-Security_Misconfiguration/ \u0026lt;/link\u0026gt;\n                                                                \u0026lt;/tag\u0026gt;\n                                                                \u0026lt;tag\u0026gt;\n                                                                        \u0026lt;tag\u0026gt;WSTG-v42-SESS-02 \u0026lt;/tag\u0026gt;\n                                                                        \u0026lt;link\u0026gt;https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes \u0026lt;/link\u0026gt;\n                                                                \u0026lt;/tag\u0026gt;\n\n                                                        \u0026lt;/tags\u0026gt;\n                                                \u0026lt;/alertitem\u0026gt;\n                                \u0026lt;/alerts\u0026gt;\n                                \u0026lt;statistics\u0026gt;\n                                        \u0026lt;statistic\u0026gt;\n                                                \u0026lt;key\u0026gt;site.specific.stat.a\u0026lt;/key\u0026gt;\n                                                \u0026lt;value\u0026gt;1\u0026lt;/value\u0026gt;\n                                        \u0026lt;/statistic\u0026gt;\n                                        \u0026lt;statistic\u0026gt;\n                                                \u0026lt;key\u0026gt;site.specific.stat.b\u0026lt;/key\u0026gt;\n                                                \u0026lt;value\u0026gt;2\u0026lt;/value\u0026gt;\n                                        \u0026lt;/statistic\u0026gt;\n                                \u0026lt;/statistics\u0026gt;\n                        \u0026lt;/site\u0026gt;\n                        \u0026lt;statistics\u0026gt;\n                                \u0026lt;statistic\u0026gt;\n                                        \u0026lt;key\u0026gt;global.stat.a\u0026lt;/key\u0026gt;\n                                        \u0026lt;value\u0026gt;1\u0026lt;/value\u0026gt;\n                                \u0026lt;/statistic\u0026gt;\n                                \u0026lt;statistic\u0026gt;\n                                        \u0026lt;key\u0026gt;global.stat.b\u0026lt;/key\u0026gt;\n                                        \u0026lt;value\u0026gt;2\u0026lt;/value\u0026gt;\n                                \u0026lt;/statistic\u0026gt;\n                        \u0026lt;/statistics\u0026gt;\n        \u0026lt;/OWASPZAPReport\u0026gt;                \n\u003c/code\u003e\u003c/pre\u003e",
+    "content": "traditional xml report requests responses sample version341034 owaspzapreport version34211134 generated34fr 30 sep 2022 08:40:3534 created3420220930t08:40:35236211400z34 site name34http:localhost:808034 host34localhost34 port34808034 ssl34false34 alerts alertitem pluginid90027pluginid alertref90027alertref alertcookie slack detectoralert namecookie detectorname riskcode1riskcode confidence1confidence riskdesclow lowriskdesc confidencedesclowconfidencedesc descrepeated get requests: drop different cookie each time followed by normal request all cookies stabilize session compare against original baseline can reveal areas where based authenticationattributes not actually enforceddesc instances instance urihttp:localhost:8080bodgeitjsuri nodenamehttp:localhost:8080bodgeitjsnodename methodgetmethod paramparam attackattack evidenceevidence otherinfootherinfo requestheaderget http:localhost:8080bodgeitjs http11 host: localhost:8080 useragent: mozilla50 macintosh intel mac os 1015 rv:1050 gecko20100101 firefox1050 accept: acceptlanguage: deenusq07enq03 connection: keepalive referer: https:localhost:8080bodgeit cookie: jsessionid9e75e26e50f681208096ffaa0b566901 secfetchdest: script secfetchmode: nocors secfetchsite: sameorigin contentlength: requestheader requestbodyrequestbody responseheaderhttp11 302 found server: apachecoyote11 location: bodgeitjs date: fri 06:40:17 gmt responseheader responsebodyresponsebody urihttp:localhost:8080bodgeitjsutiljsuri nodenamehttp:localhost:8080bodgeitjsutiljsnodename http:localhost:8080bodgeitjsutiljs 200 ok acceptranges: bytes etag: wquot18121343651578000quot lastmodified: mon jul 2012 12:32:58 contenttype: applicationjavascript 1812 responsebody function loadfilefilename var filetype filenamesplitaposapospop switch case quotjsquot: insertdocumentcreateelementaposscriptapos insertsetattributequottypequotquottextjavascriptquot insertsetattributequotsrcquot filename break aposcssapos: insertdocumentcreateelementquotlinkquot insertsetattributequottypequot quottextcssquot insertsetattributequothrefquot insertsetattributequotrelquot quotstylesheetquot typeof insertquotundefinedquot documentgetelementsbytagnamequotheadquot0appendchildinsert return false following from: http:stackoverflowcomquestions316781howtobuildquerystringwithjavascript formtoparams form output quotquot length formelementslength lt element formelementsi ifelementtagname apostextareaapos elementname quot:quot elementvalue else elementtagname aposinputapos switchelementtype aposradioapos: aposcheckboxapos: ifelementchecked ampamp quot:onquot apostextapos: aposhiddenapos: apospasswordapos: ifelementvalue outputsubstring1 htmlentitiesstr stringstrreplaceampg aposampampaposreplaceltg aposampltaposreplacegtg aposampgtaposreplacequotg aposampquotapos count3count systemicfalsesystemic solutionsolution otherinfonote: because its name may important dropping appears have effect: jsessionid that donapost expected effects flaws application logic worst authentication via tokens enforced these affected response: did affect otherinfo referencehttp:projectswebappsecorgfingerprinting reference cweid200cweid wascid45wascid sourceid2420sourceid tags tag tagowasp2017a06 linkhttps:owasporgwwwprojecttopten2017a62017securitymisconfigurationhtml link tagowasp2021a05 linkhttps:owasporgtop10a052021securitymisconfiguration tagwstgv42sess02 linkhttps:owasporgwwwprojectwebsecuritytestingguidev424webapplicationsecuritytesting06sessionmanagementtesting02testingforcookiesattributes statistics statistic keysitespecificstatakey value1value keysitespecificstatbkey value2value keyglobalstatakey keyglobalstatbkey "
     },
 {
     "url": "/twitter/",
@@ -8413,7 +8413,7 @@
     "keywords": ["","marketplace","zap"],
     "tags": null,
     "summary": "\u003cp\u003eZAP Marketplace contains ZAP add-ons which have been written by the ZAP team and the community. The add-ons help to extend the functionalities of ZAP.\nIf you are using the latest version of ZAP then you can browse and download add-ons from within ZAP by clicking on this button in the toolbar:\u003c/p\u003e",
-    "content": "zap marketplace contains addons which have been written by team community help extend functionalities you using latest version then can browse download from within clicking button toolbar: also import that downloaded manually via file load addon menu option desktop would like publish your own follow how guide name id status author last updated access control testing adds set tools web applications accesscontrol 10 alpha dev 20240325 active scanner rules release ascanrules 75 20251104 ascanrulesalpha 53 beta ascanrulesbeta 63 advanced sqlinjection injection bundle sqli derived sqlmap sqliplugin 16 andrea pompili yhawke 20250430 ajax spider allows sites make heavy use javascript crawljax spiderajax 23270 alert filters automate changing risk levels alertfilters 25 all one notes simple extension view pane allinonenotes david vassallo 20211007 attack surface detector analyzes application source code generate endpoints used penetration attacksurfacedetector 114 secure decisions matthew deletto 20190307 authentication helper helps identify up handling authhelper 0310 20251105 statistics records logged inout contexts scope authstats automation framework 0550 beanshell console provides browser render html responses browserview 20230313 bug tracker bugtracker 20220923 call graph user selected resources callgraph colm o39flaherty home handles calls services callhome 0170 client side integration exposes information firefox chrome extensions 0180 collection: pentester pack collection ideal pentesters packpentester 010 20220512 scan just containing packscanrules 001 20220513 common library other commonlib 1380 20251021 scripts useful communityscripts 19 20240701 core language files translations corelang 15 20220214 custom payloads ability add edit remove ie scanners custompayloads 0150 20250902 database engines related infrastructure 080 20250304 development 0100 20250515 diff displays dialog showing differences between requests uses diffutils diffmatchpatch 17 20250109 directory list v10 names forced fuzzer directorylistv1 v23 lists directorylistv23 lc lower case directorylistv23lc dom xss rule domxss 22 aabha biyani 20250710 encoder encodedecodehash support scripted processors 170 20250620 eval villain when launched evalvillain 040 dennis goodlett 20241125 fileupload detect upload them find vulnerabilities 121 ksasan preetkaran20gmailcom 20231023 browsing directories owasp dirbuster tool bruteforce 18 20250827 fuzzai 003 marios gyftos yiannis pavlosoglou 20251106 fuzzdb offensive backdoors manual may flagged antivirus fuzzdboffensive 20240111 fuzz 13160 getting started short gettingstarted graalvm engine scripting graaljs 0110 graphql inspect 0280 20250326 groovy 320 20240411 grpc decode protobuf messages 020 20240702 arabic helparsa crowdin 20250821 bosnian helpbsba chinese simplified helpzhcn english 21 filipino helpfilph french helpfrfr 11 indonesian helpidid japanese helpjajp malay helpmsmy portuguese brazilian helpptbr 12 russian helpruru spanish helpeses turkish helptrtr highlighter highlight strings request response tabs hud heads display 0190 20240507 image location privacy passive imagelocationscanner jay ball veggiespam 20250918 importexport export functionality exim thatsn0tmysite invoke external passing context such urls parameters json shows nicely formatted jsonview juha kiveks 20230907 jwt 103 20230102 kotlin 110 stackhawk engineering levoai build openapi specs traffic 030 20240710 linux webdrivers webdriverlinux 165 macos webdrivermacos map local mapping content chosen maplocal keindel andrey maksimov 20231005 neonmarker colors history table items based tags 180 kingthorin 20250214 network networking capabilities 0230 oast exploit outofband online menus onlinemenu 14 imports spiders definitions 47 plus joanna bona nathalie bouchahine artur grzesica mohammad kamar markus kiss michal materniak marcin spiewak sda se open industry solutions parameter digger hidden unlinked finding cache poisoning paramdigger arkaprabha chakraborty 20240715 scanning pscan 050 20250910 pscanrules 69 pscanrulesalpha pscanrulesbeta plugnhack configuration supports mozilla standard: https:developermozillaorgenusdocsplugnhack 13 20221027 postman collections 070 python templates included jython quick start tab quickly test target quickstart 52 reflect finds reflected 0011 caleb kinney 20210219 regular expression tester expressions regextester replacer easy way replace 20 20250110 report generation official reports 0410 20250904 requester send 780 surikato retest presenceabsence previously generated alerts retirejs vulnerable outdated packages retire 0500 nikita mundhada reveal show fields enable disabled revisit site any time past session ruby jruby saml 20221028 policies standard scanpolicies 060 script jsr 223 languages 45150 selenium webdriver provider includes htmlunit 15410 sequence gives possibility defining scanned serversent events sse communication 20240521 soap scans wsdl 28 alberto albertov91 43 software manager data xml directly server srm 202590 black duck inc 20250926 automatically uris svn svndigger technology detection various fingerprints identifiers wappalyzer 21490 tips tricks token analysis analyze pseudo random tokens those csrf protection tokengen treetools tree carl sampson value generator define field values submitting app added modified enableddisabled deleted formhandler 670 viewstate aspjsf decoder editor calum hutton websockets websocket 34 windows webdriverwindows 166 zest graphical security zaps macro steroids 48100 20251029 "
+    "content": "zap marketplace contains addons which have been written by team community help extend functionalities you using latest version then can browse download from within clicking button toolbar: also import that downloaded manually via file load addon menu option desktop would like publish your own follow how guide name id status author last updated access control testing adds set tools web applications accesscontrol 10 alpha dev 20240325 active scanner rules release ascanrules 75 20251104 ascanrulesalpha 53 beta ascanrulesbeta 63 advanced sqlinjection injection bundle sqli derived sqlmap sqliplugin 16 andrea pompili yhawke 20250430 ajax spider allows sites make heavy use javascript crawljax spiderajax 23270 alert filters automate changing risk levels alertfilters 25 all one notes simple extension view pane allinonenotes david vassallo 20211007 attack surface detector analyzes application source code generate endpoints used penetration attacksurfacedetector 114 secure decisions matthew deletto 20190307 authentication helper helps identify up handling authhelper 0320 20251107 statistics records logged inout contexts scope authstats automation framework 0560 beanshell console provides browser render html responses browserview 20230313 bug tracker bugtracker 20220923 call graph user selected resources callgraph colm o39flaherty home handles calls services callhome 0170 client side integration exposes information firefox chrome extensions 0180 collection: pentester pack collection ideal pentesters packpentester 010 20220512 scan just containing packscanrules 001 20220513 common library other commonlib 1380 20251021 scripts useful communityscripts 19 20240701 core language files translations corelang 15 20220214 custom payloads ability add edit remove ie scanners custompayloads 0150 20250902 database engines related infrastructure 080 20250304 development 0100 20250515 diff displays dialog showing differences between requests uses diffutils diffmatchpatch 17 20250109 directory list v10 names forced fuzzer directorylistv1 v23 lists directorylistv23 lc lower case directorylistv23lc dom xss rule domxss 22 aabha biyani 20250710 encoder encodedecodehash support scripted processors 170 20250620 eval villain when launched evalvillain 040 dennis goodlett 20241125 fileupload detect upload them find vulnerabilities 121 ksasan preetkaran20gmailcom 20231023 browsing directories owasp dirbuster tool bruteforce 18 20250827 fuzzai 003 marios gyftos yiannis pavlosoglou 20251106 fuzzdb offensive backdoors manual may flagged antivirus fuzzdboffensive 20240111 fuzz 13160 getting started short gettingstarted graalvm engine scripting graaljs 0110 graphql inspect 0280 20250326 groovy 320 20240411 grpc decode protobuf messages 020 20240702 arabic helparsa crowdin 20250821 bosnian helpbsba chinese simplified helpzhcn english 21 filipino helpfilph french helpfrfr 11 indonesian helpidid japanese helpjajp malay helpmsmy portuguese brazilian helpptbr 12 russian helpruru spanish helpeses turkish helptrtr highlighter highlight strings request response tabs hud heads display 0190 20240507 image location privacy passive imagelocationscanner jay ball veggiespam 20250918 importexport export functionality exim thatsn0tmysite invoke external passing context such urls parameters json shows nicely formatted jsonview juha kiveks 20230907 jwt 103 20230102 kotlin 110 stackhawk engineering levoai build openapi specs traffic 030 20240710 linux webdrivers webdriverlinux 165 macos webdrivermacos map local mapping content chosen maplocal keindel andrey maksimov 20231005 neonmarker colors history table items based tags 180 kingthorin 20250214 network networking capabilities 0230 oast exploit outofband online menus onlinemenu 14 imports spiders definitions 47 plus joanna bona nathalie bouchahine artur grzesica mohammad kamar markus kiss michal materniak marcin spiewak sda se open industry solutions parameter digger hidden unlinked finding cache poisoning paramdigger arkaprabha chakraborty 20240715 scanning pscan 050 20250910 pscanrules 69 pscanrulesalpha pscanrulesbeta plugnhack configuration supports mozilla standard: https:developermozillaorgenusdocsplugnhack 13 20221027 postman collections 070 python templates included jython quick start tab quickly test target quickstart 52 reflect finds reflected 0011 caleb kinney 20210219 regular expression tester expressions regextester replacer easy way replace 20 20250110 report generation official reports 0420 requester send 780 surikato retest presenceabsence previously generated alerts retirejs vulnerable outdated packages retire 0500 nikita mundhada reveal show fields enable disabled revisit site any time past session ruby jruby saml 20221028 policies standard scanpolicies 060 script jsr 223 languages 45150 selenium webdriver provider includes htmlunit 15410 sequence gives possibility defining scanned serversent events sse communication 20240521 soap scans wsdl 28 alberto albertov91 43 software manager data xml directly server srm 202590 black duck inc 20250926 automatically uris svn svndigger technology detection various fingerprints identifiers wappalyzer 21490 tips tricks token analysis analyze pseudo random tokens those csrf protection tokengen treetools tree carl sampson value generator define field values submitting app added modified enableddisabled deleted formhandler 670 viewstate aspjsf decoder editor calum hutton websockets websocket 34 windows webdriverwindows 166 zest graphical security zaps macro steroids 48100 20251029 "
     },
 {
     "url": "/docs/zap-ownership/",