Vulnerabiliades - Diccionario

The OWASP ZAP scan report summarizes the results of a scan against multiple sites associated with sedici.unlp.edu.ar. The scan found 8 medium and 10 low risk alerts, including the absence of anti-CSRF tokens, content security policy issues, cookie security issues, and cross-site scripting risks. Forms on the sites were found to be potentially vulnerable to CSRF attacks due to a lack of anti-CSRF tokens and using GET requests for sensitive actions.

Uploaded by Johan Morillo

OWASP ZAP Scan Report

Target: http://sedici.unlp.edu.ar/
All scanned sites: https://multisitio.sedici.unlp.edu.ar https://matomo.sedici.unlp.edu.ar http://blog.sedici.unlp.edu.ar
http://sedici.unlp.edu.ar. https://blog.sedici.unlp.edu.ar http://sedici.unlp.edu.ar

Javascript included from: https://cdn.jsdelivr.net https://d1bxh8uas1mnw7.cloudfront.net https://comparisons.sovrn.com
https://i.simpli.fi https://cdn.tynt.com https://sb.scorecardresearch.com https://px.owneriq.net https://cdn.viglink.com
https://partner.shareaholic.com https://script.hotjar.com https://static.hotjar.com https://m9m6e2w5.stackpathcdn.com
https://platform.twitter.com https://www.googletagmanager.com https://stats.wp.com https://cdn.shareaholic.net
https://by2.uservoice.com https://connect.facebook.net https://www.google-analytics.com http://connect.facebook.net
http://widget.uservoice.com http://platform.twitter.com http://ajax.googleapis.com https://multisitio.sedici.unlp.edu.ar
https://matomo.sedici.unlp.edu.ar http://blog.sedici.unlp.edu.ar http://sedici.unlp.edu.ar. https://blog.sedici.unlp.edu.ar
http://sedici.unlp.edu.ar
Generated on Mon, 12 Jun 2023 13:30:46

ZAP Version: 2.12.0

Summary of Alerts

Risk Level Number of Alerts

High 0
Medium 8
Low 10
Informational 5

Alerts

Name Risk Level Number of Instances

Absence of Anti-CSRF Tokens Medium 103
CSP: Wildcard Directive Medium 1
CSP: script-src unsafe-inline Medium 1
CSP: style-src unsafe-inline Medium 1
Content Security Policy (CSP) Header Not Set Medium 102
Cross-Domain Misconfiguration Medium 15
Missing Anti-clickjacking Header Medium 102
Vulnerable JS Library Medium 3
Cookie No HttpOnly Flag Low 6
Cookie Without Secure Flag Low 2
Cookie with SameSite Attribute None Low 3
Cookie without SameSite Attribute Low 11
Cross-Domain JavaScript Source File Inclusion Low 105
Secure Pages Include Mixed Content Low 75
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Low 1
Server Leaks Version Information via "Server" HTTP Response Header Field Low 100
Strict-Transport-Security Header Not Set Low 102
X-Content-Type-Options Header Missing Low 102
Charset Mismatch Informational 9
Loosely Scoped Cookie Informational 4
Re-examine Cache-control Directives Informational 102
Retrieved from Cache Informational 102
User Controllable HTML Element Attribute (Potential XSS) Informational 61

Alert Detail

Medium Absence of Anti-CSRF Tokens

Description
No Anti-CSRF tokens were found in a HTML submission form.

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

URL http://sedici.unlp.edu.ar./
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=G&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=G&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=H&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=H&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=M&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=M&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=R&type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=R&type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter
Attack
Evidence <form id="aspect_artifactbrowser_ConfigurableBrowse_div_browse-navigation" class="ds-interactive-div secondary navigation" action="browse" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_general-query" class="ds-interactive-div discover-search-box" action="discover" method="get" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_main-form" class="ds-interactive-div " action="/discover" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_general-query" class="ds-interactive-div discover-search-box" action="discover" method="get" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_main-form" class="ds-interactive-div " action="/discover" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?filter=http://voc.sedici.unlp.edu.ar/node/55359&filter_relational_operator=authority&filtertype=author
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_general-query" class="ds-interactive-div discover-search-box" action="discover" method="get" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?filter=http://voc.sedici.unlp.edu.ar/node/55359&filter_relational_operator=authority&filtertype=author
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_main-form" class="ds-interactive-div " action="/discover" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_general-query" class="ds-interactive-div discover-search-box" action="discover" method="get" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_main-form" class="ds-interactive-div " action="/discover" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_general-query" class="ds-interactive-div discover-search-box" action="discover" method="get" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter
Attack
Evidence <form id="aspect_discovery_SimpleSearch_div_main-form" class="ds-interactive-div " action="/discover" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/handle/10915/154194
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/handle/10915/154197
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/handle/10915/154198
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/handle/10915/154199
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/handle/10915/154200
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/ayudaInvestigadores
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/comoAgregarTrabajos
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/comoLlegar
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/estadisticasContenidoRepositorio
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/FAQ
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/informacionTesistas
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/links
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/politicas
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/queEsSedici
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/resolucionSedici
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/revistasAccesoAbierto
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/pages/staff
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/register
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/register
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" xmlns="http://di.tamu.edu/DRI/1.0/" id="aspect_eperson_StartRegistration_div_register" class="ds-interactive-div primary" action="/register" method="post" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/sitemap.xml
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL http://sedici.unlp.edu.ar/themes
Method GET
Parameter
Attack
Evidence <form xmlns:i18n="http://apache.org/cocoon/i18n/2.1" class="ds-interactive-div" action="/discover" method="GET" onsubmit="javascript:tSubmit(this);">
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter
Attack
Evidence <form method="get" id="searchform" action="https://blog.sedici.unlp.edu.ar/">
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter
Attack
Evidence <form action="https://blog.sedici.unlp.edu.ar/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate>
Instances 103
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, use anti-CSRF packages such as the OWASP CSRFGuard.

Phase: Implementation

Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

Phase: Architecture and Design

Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

Note that this can be bypassed using XSS.

Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

Note that this can be bypassed using XSS.

Use the ESAPI Session Management control.

This control includes a component for CSRF.

Do not use the GET method for any request that triggers a state change.

Phase: Implementation

Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

Reference http://projects.webappsec.org/Cross-Site-Request-Forgery

http://cwe.mitre.org/data/definitions/352.html
CWE Id 352
WASC Id 9
Plugin Id 10202

Medium CSP: Wildcard Directive


Description Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page; covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL https://matomo.sedici.unlp.edu.ar/
Method GET
Parameter Content-Security-Policy
Attack
Evidence default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:;
Instances 1
Solution Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference http://www.w3.org/TR/CSP2/

http://www.w3.org/TR/CSP/

http://caniuse.com/#search=content+security+policy

http://content-security-policy.com/

https://github.com/shapesecurity/salvation

https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055

Medium CSP: script-src unsafe-inline


Description Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page; covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL https://matomo.sedici.unlp.edu.ar/
Method GET
Parameter Content-Security-Policy
Attack
Evidence default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:;
Instances 1
Solution Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference http://www.w3.org/TR/CSP2/

http://www.w3.org/TR/CSP/

http://caniuse.com/#search=content+security+policy

http://content-security-policy.com/

https://github.com/shapesecurity/salvation

https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055

Medium CSP: style-src unsafe-inline


Description Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page; covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL https://matomo.sedici.unlp.edu.ar/
Method GET
Parameter Content-Security-Policy
Attack
Evidence default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:;
Instances 1
Solution Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference http://www.w3.org/TR/CSP2/

http://www.w3.org/TR/CSP/

http://caniuse.com/#search=content+security+policy

http://content-security-policy.com/

https://github.com/shapesecurity/salvation

https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055

Medium Content Security Policy (CSP) Header Not Set


Description Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page; covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL http://sedici.unlp.edu.ar./
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77098&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77106&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77107&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77133&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77159&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77166&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&offset=20&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=10&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=100&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=G&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=H&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=K&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=L&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=M&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=N&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=O&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=P&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Q&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=R&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=S&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=T&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=U&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=V&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=W&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=X&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Y&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Z&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=40&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=5&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=60&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=80&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=DESC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=http://voc.sedici.unlp.edu.ar/node/55359&filter_relational_operator=authority&filtertype=author
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/1
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/1038
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154194
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154197
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154198
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154199
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154200
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/18267
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/25224
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/26450
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/27268
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/34144
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/51
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/ayudaInvestigadores
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/comoAgregarTrabajos
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/comoLlegar
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/estadisticasContenidoRepositorio
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/FAQ
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/informacionTesistas
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/links
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/politicas
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/queEsSedici
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/resolucionSedici
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/revistasAccesoAbierto
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/staff
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/register
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/search-filter
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/sitemap.xml
Method GET
Parameter
Attack
Evidence
URL http://sedici.unlp.edu.ar/themes
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter
Attack
Evidence
Instances 102
Solution Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy

https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html

http://www.w3.org/TR/CSP/

http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html

http://www.html5rocks.com/en/tutorials/security/content-security-policy/

http://caniuse.com/#feat=contentsecuritypolicy

http://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038

Medium Cross-Domain Misconfiguration


Description Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.

URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679375407
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.7
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=12.2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/infinite-scroll/infinity.min.js?ver=12.2-is5.0.1
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/likes/queuehandler.min.js?ver=12.2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/tiled-gallery/tiled-gallery/tiled-gallery.min.js?ver=12.2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/themes/flat/assets/js/flat.min.js?ver=1.7.11
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-content/themes/flat/assets/js/html5shiv.min.js?ver=3.7.2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/comment-reply.min.js?ver=54f0247246dfc0bb91b4707720d6b799
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/wp-emoji-release.min.js?ver=54f0247246dfc0bb91b4707720d6b799
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Instances 15
Solution Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).
Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
CWE Id 264
WASC Id 14
Plugin Id 10098

Medium Missing Anti-clickjacking Header


Description The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.

URL http://sedici.unlp.edu.ar./
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77098&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77106&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77107&type=subject

Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77133&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77146&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77147&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77159&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77161&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77166&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&offset=20&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=10&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=100&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=G&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=H&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=K&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=L&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=M&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=N&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=O&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=P&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Q&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=R&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=S&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=T&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=U&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=V&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=W&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=X&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Y&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Z&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=40&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=5&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=60&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=80&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=DESC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=http://voc.sedici.unlp.edu.ar/node/55359&filter_relational_operator=authority&filtertype=author
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/1
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/1038
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154194
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154197
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154198
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154199
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154200
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/18267
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/25224
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/26450
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/27268
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/34144
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/51
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/ayudaInvestigadores
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/comoAgregarTrabajos
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/comoLlegar
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/estadisticasContenidoRepositorio
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/FAQ
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/informacionTesistas
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/links
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/politicas
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/queEsSedici
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/resolucionSedici
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/revistasAccesoAbierto
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/staff
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/register
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter X-Frame-Options
Attack
Evidence
Instances 102
Solution Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.
If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id 1021
WASC Id 15
Plugin Id 10020

Medium Vulnerable JS Library


Description The identified library bootstrap, version 3.3.2 is vulnerable.

URL http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Method GET
Parameter
Attack
Evidence /1.7.2/jquery.min.js
URL http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Method GET
Parameter
Attack
Evidence /1.8.15/jquery-ui.min.js
URL https://blog.sedici.unlp.edu.ar/wp-content/themes/flat/assets/js/flat.min.js?ver=1.7.11
Method GET
Parameter
Attack
Evidence this.close)};d.VERSION="3.3.2",d.TRANSITION_DURATION=150,d.prototype.close
Instances 3
Solution Please upgrade to the latest version of bootstrap.
Reference https://github.com/twbs/bootstrap/issues/28236
https://github.com/twbs/bootstrap/issues/20184
https://github.com/advisories/GHSA-ph58-4vrj-w6hr
https://github.com/twbs/bootstrap/issues/20631
https://github.com/advisories/GHSA-4p24-vmcr-4gqj
https://nvd.nist.gov/vuln/detail/CVE-2018-20676
CWE Id 829
WASC Id
Plugin Id 10003

Low Cookie No HttpOnly Flag


Description A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

URL https://by2.uservoice.com/t2/125574/web/track.js?_=1686576499474&s=1&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwOi8vc2VkaWNpLnVubHAuZWR1LmFyLyIsInIiOiIifX0%3D
Method GET
Parameter uvts
Attack
Evidence Set-Cookie: uvts
URL https://by2.uservoice.com/t2/125574/web/track.js?_=1686576509723&s=0&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwOi8vc2VkaWNpLnVubHAuZWR1LmFyLyIsInIiOiIifX0%3D
Method GET
Parameter uvts
Attack
Evidence Set-Cookie: uvts
URL https://i.simpli.fi/dpx.js?cid=66111&m=0&sifi_tuid=37828&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F
Method GET
Parameter suid
Attack
Evidence Set-Cookie: suid
URL https://i.simpli.fi/dpx.js?cid=66111&m=0&sifi_tuid=37828&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F
Method GET
Parameter suid_legacy
Attack
Evidence Set-Cookie: suid_legacy
URL https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fsedici.unlp.edu.ar%2F&cl=es&id_sync=ebb9e803-8bbe-433c-b412-fa40a29c48ce&pvs=1&site=68eeb7dd793634d3ccf0a886faf7dd89
Method GET
Parameter p_locc_user_id_expiry
Attack
Evidence set-cookie: p_locc_user_id_expiry
URL https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fsedici.unlp.edu.ar%2F&cl=es&id_sync=ebb9e803-8bbe-433c-b412-fa40a29c48ce&pvs=1&site=68eeb7dd793634d3ccf0a886faf7dd89
Method GET
Parameter p_locc_user_id_expiry-legacy
Attack
Evidence set-cookie: p_locc_user_id_expiry-legacy
Instances 6
Solution Ensure that the HttpOnly flag is set for all cookies.
Reference https://owasp.org/www-community/HttpOnly
CWE Id 1004
WASC Id 13
Plugin Id 10010

Low Cookie Without Secure Flag


Description A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

URL https://by2.uservoice.com/t2/125574/web/track.js?_=1686576499474&s=1&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwOi8vc2VkaWNpLnVubHAuZWR1LmFyLyIsInIiOiIifX0%3D
Method GET
Parameter uvts
Attack
Evidence Set-Cookie: uvts
URL https://by2.uservoice.com/t2/125574/web/track.js?_=1686576509723&s=0&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwOi8vc2VkaWNpLnVubHAuZWR1LmFyLyIsInIiOiIifX0%3D
Method GET
Parameter uvts
Attack
Evidence Set-Cookie: uvts
Instances 2
Solution Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
Reference https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
CWE Id 614
WASC Id 13
Plugin Id 10011

Low Cookie with SameSite Attribute None


Description A cookie has been set with its SameSite attribute set to "none", which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

URL http://widget.uservoice.com/QIUtmn0eqp3spSPiyMziFg.js
Method GET
Parameter __cf_bm
Attack
Evidence Set-Cookie: __cf_bm
URL https://i.simpli.fi/dpx.js?cid=66111&m=0&sifi_tuid=37828&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F
Method GET
Parameter suid
Attack
Evidence Set-Cookie: suid
URL https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fsedici.unlp.edu.ar%2F&cl=es&id_sync=ebb9e803-8bbe-433c-b412-fa40a29c48ce&pvs=1&site=68eeb7dd793634d3ccf0a886faf7dd89
Method GET
Parameter p_locc_user_id_expiry
Attack
Evidence set-cookie: p_locc_user_id_expiry
Instances 3
Solution Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id 1275
WASC Id 13
Plugin Id 10054

Low Cookie without SameSite Attribute


Description A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

URL http://sedici.unlp.edu.ar./
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
URL http://sedici.unlp.edu.ar/
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
URL http://sedici.unlp.edu.ar/search-filter
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
URL http://sedici.unlp.edu.ar/themes
Method GET
Parameter JSESSIONID
Attack
Evidence Set-Cookie: JSESSIONID
URL https://by2.uservoice.com/t2/125574/web/track.js?_=1686576499474&s=1&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwOi8vc2VkaWNpLnVubHAuZWR1LmFyLyIsInIiOiIifX0%3D
Method GET
Parameter uvts
Attack
Evidence Set-Cookie: uvts
URL https://by2.uservoice.com/t2/125574/web/track.js?_=1686576509723&s=0&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwOi8vc2VkaWNpLnVubHAuZWR1LmFyLyIsInIiOiIifX0%3D
Method GET
Parameter uvts
Attack
Evidence Set-Cookie: uvts
URL https://i.simpli.fi/dpx.js?cid=66111&m=0&sifi_tuid=37828&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F
Method GET
Parameter suid_legacy
Attack
Evidence Set-Cookie: suid_legacy
URL https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fsedici.unlp.edu.ar%2F&cl=es&id_sync=ebb9e803-8bbe-433c-b412-fa40a29c48ce&pvs=1&site=68eeb7dd793634d3ccf0a886faf7dd89
Method GET
Parameter p_locc_user_id_expiry-legacy
Attack
Evidence set-cookie: p_locc_user_id_expiry-legacy
Instances 11
Solution Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id 1275
WASC Id 13
Plugin Id 10054

Low Cross-Domain JavaScript Source File Inclusion


Description The page includes one or more script files from a third-party domain.

URL http://sedici.unlp.edu.ar/
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter https://d1bxh8uas1mnw7.cloudfront.net/assets/embed.js
Attack
Evidence <script xmlns:i18n="http://apache.org/cocoon/i18n/2.1" src="https://d1bxh8uas1mnw7.cloudfront.net/assets/embed.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/ayudaInvestigadores
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/ayudaInvestigadores
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/comoAgregarTrabajos
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/comoAgregarTrabajos
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/comoLlegar
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/comoLlegar
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/estadisticasContenidoRepositorio
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/estadisticasContenidoRepositorio
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/FAQ
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/FAQ
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/informacionTesistas
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/informacionTesistas
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/links
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/links
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/politicas
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/politicas
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/queEsSedici
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/queEsSedici
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/revistasAccesoAbierto
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/revistasAccesoAbierto
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/staff
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/pages/staff
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/sitemap.xml
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/sitemap.xml
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/themes
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"> </script>
URL http://sedici.unlp.edu.ar/themes
Method GET
Parameter http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js
Attack
Evidence <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js" type="text/javascript"> </script>
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async ></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter //cdn.shareaholic.net/assets/pub/shareaholic.js
Attack
Evidence <script data-no-minify='1' data-cfasync='false' src='//cdn.shareaholic.net/assets/pub/shareaholic.js' data-shr-siteid='68eeb7dd793634d3ccf0a886faf7dd89' async >
</script>
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter https://stats.wp.com/e-202324.js
Attack
Evidence <script defer src='https://stats.wp.com/e-202324.js' id='jetpack-stats-js'></script>
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-15165518-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-15165518-1"></script>
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-60369720-11&l=beehiveDataLayer"></script>
Instances 105
Solution Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
CWE Id 829
WASC Id 15
Plugin Id 10017

Low Secure Pages Include Mixed Content


Description The page includes mixed content, that is, content accessed via HTTP instead of HTTPS.

URL https://blog.sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2014/08/14/sedici-advierte-sobre-practicas-editoriales-sospechosas/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/?replytocom=10256
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/?replytocom=14326
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/?replytocom=9871
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9848
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9849
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9851
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9860
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9867
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9929
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13068
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13142
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25259
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25454
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25455
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=13985
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=22701
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/?s=ZAP&submit=Buscar
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/acerca-de/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/acerca-de/contacto/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/acerca-de/politicas-del-repositorio/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/acerca-de/staff/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/author/analia/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/author/lucas/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/author/marisa/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/publicar-en-sedici/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/astronomia/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/autoarchivo/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/botanica/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/buenaventura-suarez/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/busqueda/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/carlos-spegazzini/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/ciencias-medicas/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/cirugia/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/ciruia-endovascular/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/colecciones/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/digitalizacion/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/educacion/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/favaloro/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/fisica/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/historia-de-la-ciencia/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/isaac-newton/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/laser/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/libros-antiguos/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/medicina/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/patrimonio/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/pier-angel-saccardo/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/rankings/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/repositorios/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/tycho-brahe/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tag/universidad/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tipo/articulos/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tipo/noticias/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
URL https://blog.sedici.unlp.edu.ar/tipo/recursos-sedici/
Method GET
Parameter
Attack
Evidence http://blog.sedici.unlp.edu.ar/wp-content/uploads/sites/17/2019/06/marca_sedici_blog_azul.png
Instances 75
Solution A page that is available over SSL/TLS must be comprised completely of content which is transmitted over SSL/TLS. The page must not contain any content that is transmitted over unencrypted HTTP. This includes content from third party sites.
Reference https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
CWE Id 311
WASC Id 4
Plugin Id 10040

Low Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Description The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

URL https://px.owneriq.net/stas/s/sholic.js
Method GET
Parameter
Attack
Evidence X-Powered-By: PHP/7.3.33
Instances 1
Solution Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
Reference http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
CWE Id 200
WASC Id 13
Plugin Id 10037

Low Server Leaks Version Information via "Server" HTTP Response Header Field
Description The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

URL http://blog.sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL http://blog.sedici.unlp.edu.ar/2015/12/11/como-crear-un-perfil-en-google-scholar/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2014/08/14/sedici-advierte-sobre-practicas-editoriales-sospechosas/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13068
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13142
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=13985
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=22701
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/?s=ZAP&submit=Buscar
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/acerca-de/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/acerca-de/contacto/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/acerca-de/politicas-del-repositorio/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/acerca-de/staff/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/author/analia/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/author/lucas/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/author/marisa/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/comments/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/feed/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/publicar-en-sedici/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/autoarchivo/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/busqueda/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/ciencias-medicas/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/cirugia/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/ciruia-endovascular/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/colecciones/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/educacion/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/fisica/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/historia-de-la-ciencia/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/laser/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/medicina/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/rankings/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/repositorios/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tag/universidad/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tipo/articulos/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tipo/noticias/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/tipo/recursos-sedici/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679375407
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.7
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=12.2
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/likes/queuehandler.min.js?ver=12.2
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/themes/flat/assets/js/flat.min.js?ver=1.7.11
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-content/themes/flat/assets/js/html5shiv.min.js?ver=3.7.2
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/comment-reply.min.js?ver=54f0247246dfc0bb91b4707720d6b799
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-includes/wlwmanifest.xml
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F22%2Fcharla-en-la-facultad-de-ciencias-economicas-de-la-unlp%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F06%2F03%2Fdigitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F08%2F14%2Funa-nueva-historia-del-laser-en-sedici%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F29%2Frecuerdo-y-presencia-de-emiliano-marmonti%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F30%2Fsedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2021%2F12%2F09%2Fcuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F22%2Fcharla-en-la-facultad-de-ciencias-economicas-de-la-unlp%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F06%2F03%2Fdigitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F08%2F14%2Funa-nueva-historia-del-laser-en-sedici%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F29%2Frecuerdo-y-presencia-de-emiliano-marmonti%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F30%2Fsedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2021%2F12%2F09%2Fcuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio%2F
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17708
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17829
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17836
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/18958
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/6283
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/7456
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/9852
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/xmlrpc.php
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/xmlrpc.php?rsd
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://matomo.sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence nginx/1.14.2
URL https://multisitio.sedici.unlp.edu.ar/wp-admin/admin-ajax.php?action=multidomain-setup-cdsso
Method GET
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
URL https://blog.sedici.unlp.edu.ar/wp-comments-post.php
Method POST
Parameter
Attack
Evidence Apache/2.4.38 (Debian)
Instances 100
Solution Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Reference http://httpd.apache.org/docs/current/mod/core.html#servertokens
http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007
http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
CWE Id 200
WASC Id 13
Plugin Id 10036

Low Strict-Transport-Security Header Not Set


Description HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.

URL https://blog.sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2014/08/14/sedici-advierte-sobre-practicas-editoriales-sospechosas/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13068
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13142
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25259
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25454
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=13985
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=22701
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/?s=ZAP&submit=Buscar
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/contacto/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/politicas-del-repositorio/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/staff/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/author/analia/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/author/lucas/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/author/marisa/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/comments/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/feed/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/publicar-en-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/autoarchivo/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/busqueda/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/ciencias-medicas/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/cirugia/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/ciruia-endovascular/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/colecciones/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/educacion/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/fisica/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/historia-de-la-ciencia/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/laser/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/medicina/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/rankings/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/repositorios/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/universidad/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tipo/articulos/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tipo/noticias/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tipo/recursos-sedici/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1679375407
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.7
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=12.2
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/likes/queuehandler.min.js?ver=12.2
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/themes/flat/assets/js/flat.min.js?ver=1.7.11
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-content/themes/flat/assets/js/html5shiv.min.js?ver=3.7.2
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/comment-reply.min.js?ver=54f0247246dfc0bb91b4707720d6b799
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-includes/wlwmanifest.xml
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F22%2Fcharla-en-la-facultad-de-ciencias-economicas-de-la-unlp%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F06%2F03%2Fdigitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F08%2F14%2Funa-nueva-historia-del-laser-en-sedici%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F29%2Frecuerdo-y-presencia-de-emiliano-marmonti%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F30%2Fsedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2021%2F12%2F09%2Fcuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F14%2Fnuevo-libro-electronico-sobre-cirugia-endovascular%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F22%2Fcharla-en-la-facultad-de-ciencias-economicas-de-la-unlp%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F06%2F03%2Fdigitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F08%2F14%2Funa-nueva-historia-del-laser-en-sedici%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F29%2Frecuerdo-y-presencia-de-emiliano-marmonti%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F30%2Fsedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2021%2F12%2F09%2Fcuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17708
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17829
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17836
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/18958
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/6283
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/7456
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/9852
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/xmlrpc.php
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/xmlrpc.php?rsd
Method GET
Parameter
Attack
Evidence
URL https://matomo.sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence
URL https://multisitio.sedici.unlp.edu.ar/wp-admin/admin-ajax.php?action=multidomain-setup-cdsso
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-comments-post.php
Method POST
Parameter
Attack
Evidence
Instances 102
Solution Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
Reference https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
https://owasp.org/www-community/Security_Headers
http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
http://caniuse.com/stricttransportsecurity
http://tools.ietf.org/html/rfc6797
CWE Id 319
WASC Id 15
Plugin Id 10035

Low X-Content-Type-Options Header Missing


Description The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

URL http://sedici.unlp.edu.ar./
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77098&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77106&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77107&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77108&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77109&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77124&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77133&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77145&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77146&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77147&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77155&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77158&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77159&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77161&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77166&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77171&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77172&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77177&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&offset=20&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=10&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=100&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=G&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=H&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=K&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=L&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=M&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=N&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=O&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=P&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Q&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=R&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=S&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=T&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=U&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=V&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=W&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=X&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Y&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Z&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=40&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=5&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=60&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=80&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=DESC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=http://voc.sedici.unlp.edu.ar/node/55359&filter_relational_operator=authority&filtertype=author
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/feed/atom_1.0/site
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/feed/rss_2.0/site
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/1038
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154194
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154197
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154198
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154199
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/154200
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/18267
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/25224
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/26450
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/27268
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/34144
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/51
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/moz-search-plugin.xml
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/open-search/description.xml
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/ayudaInvestigadores
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/comoAgregarTrabajos
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/comoLlegar
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/estadisticasContenidoRepositorio
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/FAQ
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/informacionTesistas
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/links
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/politicas
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/queEsSedici
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/resolucionSedici
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/revistasAccesoAbierto
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/pages/staff
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/password-login
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/register
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/robots.txt
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/DD_belatedPNG_0.0.8a.js?v=1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/metadataGenerator.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/slides.min.jquery.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/slideshow-sedici.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse
Method POST
Parameter X-Content-Type-Options
Attack
Evidence
Instances 102
Solution Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.
If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers
CWE Id 693
WASC Id 15
Plugin Id 10021

Informational Charset Mismatch


Description This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML.
When there's a charset mismatch between the HTTP header and the content body, web browsers can be forced into an undesirable content-sniffing mode to
determine the content's correct character set.
An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning
of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.

URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F03%2F29%2Fdigitalizacion-de-libros-antiguos-en-sedici%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F09%2Ftesis-del-dr-rene-favaloro-disponible-en-sedici%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F14%2Fnuevo-libro-electronico-sobre-cirugia-endovascular%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F22%2Fcharla-en-la-facultad-de-ciencias-economicas-de-la-unlp%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F06%2F03%2Fdigitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F08%2F14%2Funa-nueva-historia-del-laser-en-sedici%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F29%2Frecuerdo-y-presencia-de-emiliano-marmonti%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F30%2Fsedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020%2F
Method GET
Parameter
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2021%2F12%2F09%2Fcuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio%2F
Method GET
Parameter
Attack
Evidence
Instances 9
Solution Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.
Reference http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
CWE Id 436
WASC Id 15
Plugin Id 90011

Informational Loosely Scoped Cookie


Description Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can
access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the
latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com.
Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be
transmitted to the parent, or any subdomain of the parent.

URL http://widget.uservoice.com/QIUtmn0eqp3spSPiyMziFg.js
Method GET
Parameter
Attack
Evidence
URL http://widget.uservoice.com/QIUtmn0eqp3spSPiyMziFg.js
Method GET
Parameter
Attack
Evidence
URL https://i.simpli.fi/dpx.js?cid=66111&m=0&sifi_tuid=37828&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F
Method GET
Parameter
Attack
Evidence
URL https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F&referrer=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fsedici.unlp.edu.ar%2F&cl=es&id_sync=ebb9e803-8bbe-433c-b412-fa40a29c48ce&pvs=1&site=68eeb7dd793634d3ccf0a886faf7dd89
Method GET
Parameter
Attack
Evidence
Instances 4
Solution Always scope cookies to a FQDN (Fully Qualified Domain Name).
Reference https://tools.ietf.org/html/rfc6265#section-4.1
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
CWE Id 565
WASC Id 15
Plugin Id 90033

Informational Re-examine Cache-control Directives


Description The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files
this might be intended; however, the resources should be reviewed to ensure that no sensitive content will be cached.

URL https://blog.sedici.unlp.edu.ar/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2014/08/14/sedici-advierte-sobre-practicas-editoriales-sospechosas/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/02/biredial-istec-2017-y-novedades/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/02/07/actualizacion-a-ojs-3-del-portal-de-revistas-de-la-unlp/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/03/06/receta-para-preparar-nuestro-propio-sistema-solar/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/05/serie-de-entrevistas-a-investigadores-de-la-unlp-en-radio-universidad/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/21/distincion-a-sedici-de-la-fundacion-museo-de-la-plata/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/04/28/se-termina-la-mision-cassini-huygens/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/05/09/plagio-recomendaciones-para-evitarlo-y-softwares-de-deteccion/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/02/sedici-en-el-ranking-webometrics/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/08/25/taller-de-revistas-academicas-en-jursoc/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2017/10/25/semana-del-acceso-abierto-open-access-week/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2018/04/09/viii-conferencia-internacional-biredial-istec-2018/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/03/29/digitalizacion-de-libros-antiguos-en-sedici/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9848
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9849
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9851
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9860
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9867
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/?replytocom=9929
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/09/tesis-del-dr-rene-favaloro-disponible-en-sedici/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13068
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=13142
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25259
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25454
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/?replytocom=25455
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/14/nuevo-libro-electronico-sobre-cirugia-endovascular/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/05/22/charla-en-la-facultad-de-ciencias-economicas-de-la-unlp/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2019/06/03/digitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=13985
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/?replytocom=22701
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/08/14/una-nueva-historia-del-laser-en-sedici/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/29/recuerdo-y-presencia-de-emiliano-marmonti/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2020/09/30/sedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/2021/12/09/cuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/?s=ZAP&submit=Buscar
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/contacto/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/politicas-del-repositorio/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/acerca-de/staff/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/author/analia/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/author/lucas/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/author/marisa/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/comments/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/feed/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/publicar-en-sedici/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/autoarchivo/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/busqueda/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/ciencias-medicas/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/cirugia/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/ciruia-endovascular/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/colecciones/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/digitalizacion/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/educacion/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/favaloro/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/fisica/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/historia-de-la-ciencia/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/laser/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/medicina/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/patrimonio/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/rankings/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/repositorios/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tag/universidad/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tipo/articulos/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tipo/noticias/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/tipo/recursos-sedici/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-includes/wlwmanifest.xml
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F09%2Ftesis-del-dr-rene-favaloro-disponible-en-sedici%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F14%2Fnuevo-libro-electronico-sobre-cirugia-endovascular%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F22%2Fcharla-en-la-facultad-de-ciencias-economicas-de-la-unlp%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F06%2F03%2Fdigitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F08%2F14%2Funa-nueva-historia-del-laser-en-sedici%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F29%2Frecuerdo-y-presencia-de-emiliano-marmonti%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F30%2Fsedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?format=xml&url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2021%2F12%2F09%2Fcuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F09%2Ftesis-del-dr-rene-favaloro-disponible-en-sedici%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F14%2Fnuevo-libro-electronico-sobre-cirugia-endovascular%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F05%2F22%2Fcharla-en-la-facultad-de-ciencias-economicas-de-la-unlp%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2019%2F06%2F03%2Fdigitalizacion-de-publicaciones-oficiales-antiguas-sobre-inundaciones%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F08%2F14%2Funa-nueva-historia-del-laser-en-sedici%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F29%2Frecuerdo-y-presencia-de-emiliano-marmonti%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2020%2F09%2F30%2Fsedici-se-ubico-en-la-posicion-21-en-el-transparent-ranking-de-repositorios-2020%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttps%2Fblog.sedici.unlp.edu.ar%2F2021%2F12%2F09%2Fcuarta-edicion-del-libro-de-cirugia-ya-disponible-en-el-repositorio%2F
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17708
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17829
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/17836
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/18958
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/6283
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/6323
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/7456
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/wp-json/wp/v2/posts/9852
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://blog.sedici.unlp.edu.ar/xmlrpc.php?rsd
Method GET
Parameter Cache-Control
Attack
Evidence
URL https://matomo.sedici.unlp.edu.ar/
Method GET
Parameter Cache-Control
Attack
Evidence no-store, must-revalidate
Instances 102
Solution For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
Reference https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
https://grayduck.mn/2021/09/13/cache-control-recommendations/
CWE Id 525
WASC Id 13
Plugin Id 10015

Informational Retrieved from Cache


Description The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.

URL http://sedici.unlp.edu.ar./
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/blog
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/blog/
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/blog/2013/05/17/tutorial-de-autoarchivo-en-sedici/
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77098&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77106&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77107&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77133&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77145&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77146&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77147&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77158&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77159&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77161&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?authority=https%3A%2F%2Fptop.only.wip.la%3A443%2Fhttp%2Fvoc.sedici.unlp.edu.ar%2Ftaxonomy%2Fterm%2F77166&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&offset=20&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=10&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=100&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=G&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=H&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=K&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=L&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=M&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=N&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=O&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=P&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Q&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=R&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=S&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=T&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=U&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=V&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=W&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=X&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Y&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=Z&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=40&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=5&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=60&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=80&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=DESC&rpp=20&sort_by=-1&type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/community-list
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/discover
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/discover?filter=http://voc.sedici.unlp.edu.ar/node/55359&filter_relational_operator=authority&filtertype=author
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/feed/atom_1.0/site
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/feed/rss_2.0/site
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/1
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/1038
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/154194
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/154197
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/154198
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/154199
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/154200
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/18267
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/25224
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/26450
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/27268
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/34144
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/50/submit
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/51
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/handle/10915/74049
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/login
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/moz-search-plugin.xml
Method GET
Parameter
Attack
Evidence HIT
URL http://sedici.unlp.edu.ar/open-search/description.xml
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/ayudaInvestigadores
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/comoAgregarTrabajos
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/comoLlegar
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/estadisticasContenidoRepositorio
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/FAQ
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/informacionTesistas
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/links
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/politicas
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/queEsSedici
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/resolucionSedici
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/revistasAccesoAbierto
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/pages/staff
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/register
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/robots.txt
Method GET
Parameter
Attack
Evidence HIT
URL http://sedici.unlp.edu.ar/search-filter
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/sitemap.xml
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/themes
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/DD_belatedPNG_0.0.8a.js?v=1
Method GET
Parameter
Attack
Evidence Age: 0
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/metadataGenerator.js
Method GET
Parameter
Attack
Evidence HIT
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/slides.min.jquery.js
Method GET
Parameter
Attack
Evidence HIT
URL http://sedici.unlp.edu.ar/themes/Sedici2/lib/js/slideshow-sedici.js
Method GET
Parameter
Attack
Evidence HIT
URL http://sedici.unlp.edu.ar/browse
Method POST
Parameter
Attack
Evidence Age: 0
Instances 102
Solution Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:

Cache-Control: no-cache, no-store, must-revalidate, private

Pragma: no-cache

Expires: 0

This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.
Reference https://tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)


CWE Id
WASC Id
Plugin Id 10050

Informational User Controllable HTML Element Attribute (Potential XSS)


Description This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=0&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=A&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=B&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=C&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=D&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=E&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=F&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=I&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter etal
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?etal=-1&order=ASC&rpp=20&sort_by=-1&starts_with=J&type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter rpp
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?rpp=60&type=author
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/browse?type=subject
Method GET
Parameter type
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filter
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filter_relational_operator
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filtertype
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filtertype
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Conjunto+de+datos&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filter
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filter_relational_operator
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filtertype
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter filtertype
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter order
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?filter=Libro&filter_relational_operator=equals&filtertype=type&order=desc&sort_by=dc.date.accessioned_dt
Method GET
Parameter sort_by
Attack
Evidence
URL http://sedici.unlp.edu.ar/discover?query=ZAP&submit
Method GET
Parameter query
Attack
Evidence
Instances 61
Solution Validate all input and sanitize output before writing it to any HTML attributes.
Reference http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-html-attribute
CWE Id 20
WASC Id 20
Plugin Id 10031
