[05 Dec 2024 14:22:10,0796] PIPELINE-SCAN INFO: Pipeline Scan Tool Version 24.10.0-0. [05 Dec 2024 14:22:10,0810] PIPELINE-SCAN INFO: Loading policy file Alfresco_Default.json [05 Dec 2024 14:22:10,0812] PIPELINE-SCAN INFO: Successfully retrieved the policy [05 Dec 2024 14:22:10,0812] PIPELINE-SCAN INFO: Policy name: Alfresco Default [05 Dec 2024 14:22:10,0812] PIPELINE-SCAN INFO: CWE filter: [05 Dec 2024 14:22:10,0812] PIPELINE-SCAN INFO: Severity filter: 3, 4, 5, [05 Dec 2024 14:22:10,0813] PIPELINE-SCAN INFO: Beginning scanning of 'distribution/target/alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip'. [05 Dec 2024 14:22:10,0816] PIPELINE-SCAN INFO: Sending 122897825 bytes to the server for analysis. [05 Dec 2024 14:22:54,0932] PIPELINE-SCAN INFO: Upload complete. [05 Dec 2024 14:22:54,0932] PIPELINE-SCAN INFO: Scan ID: 7dac107d-9edd-49d4-911c-715e95370e5d [05 Dec 2024 14:22:55,0230] PIPELINE-SCAN INFO: Analysis Started. =========================== Found 6 Scannable modules. =========================== alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar JS files within spring-security-web-6.4.1.jar JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip [05 Dec 2024 14:25:24,0646] PIPELINE-SCAN INFO: Analysis Complete. [05 Dec 2024 14:25:24,0649] PIPELINE-SCAN INFO: Analysis Results: Received 5159 bytes in 193836ms. [05 Dec 2024 14:25:24,0651] PIPELINE-SCAN INFO: Writing Raw JSON Results to file '/home/runner/work/hxinsight-connector/hxinsight-connector/results.json'. [05 Dec 2024 14:25:24,0652] PIPELINE-SCAN INFO: Applying custom severity 4 to cwe 80 [05 Dec 2024 14:25:24,0654] PIPELINE-SCAN INFO: Writing Filtered JSON Results to file '/home/runner/work/hxinsight-connector/hxinsight-connector/filtered_results.json'. Scan Summary: PIPELINE_SCAN_VERSION: 24.10.0-0 DEV-STAGE: DEVELOPMENT PROJECT-NAME: hxinsight-connector SCAN_ID: 7dac107d-9edd-49d4-911c-715e95370e5d SCAN_STATUS: SUCCESS SCAN_MESSAGE: Scan successful. Results size: 4388 bytes ==================== Analysis Successful. ==================== ========================== Found 6 Scannable modules. ========================== alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar JS files within spring-security-web-6.4.1.jar JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip =================== Analyzed 6 modules. =================== alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar JS files within spring-security-web-6.4.1.jar JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip ================== Analyzed 2 issues. ================== -------------------------------- Found 1 issues of High severity. -------------------------------- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): org/springframework/security/spring-security-webauthn.js:199 Details: <span>This call to href() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. </span> <span>Use contextual escaping on all untrusted