Details
Alert Id 10026
Alert Type Passive Scan Rule
Status beta
Risk
CWE
WASC

Summary

Unspecified form action: HTTP parameter override attack potentially possible. This is a known problem with Java Servlets but other platforms may also be vulnerable.

Solution

All forms must specify the action URL.
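
A check for this condition, as an added example that is not ZAP's scan rule or code from this page: it parses a response body and reports each form with no action URL. Treating an empty `action=""` the same as a missing attribute is an assumption of this sketch; the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample response body (not taken from any real site).
SAMPLE_PAGE = """<html><body>
<form method="post"><input name="user"></form>
<form action="" method="post"><input name="q"></form>
<form action="/account/update" method="post"><input name="email"></form>
</body></html>"""


class FormActionAuditor(HTMLParser):
    """Records every <form> start tag whose action is missing or empty."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "form":  # html.parser lowercases tag and attribute names
            return
        action = dict(attrs).get("action")  # None if absent or valueless
        if action is None:
            reason = "missing"
        elif not action.strip():
            reason = "empty"
        else:
            return  # explicit action URL: nothing to report
        line, _col = self.getpos()
        self.findings.append(
            {"line": line, "reason": reason, "evidence": self.get_starttag_text()}
        )


def find_unspecified_form_actions(html):
    """Return one finding per form that does not specify an action URL."""
    auditor = FormActionAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for f in find_unspecified_form_actions(SAMPLE_PAGE):
        print(f"line {f['line']}: action {f['reason']}: {f['evidence']}")
```

Only the third form in the sample follows the solution above; the first two are reported with the line number and the offending start tag as evidence.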

References

Code

org/zaproxy/zap/extension/pscanrulesBeta/ServletParameterPollutionScanRule.java