Scribd
Upload
39 views20 pages

Comprehensive New Tnps Vodacom Co TZ

The Acunetix scan for tnps.vodacom.co.tz identified multiple vulnerabilities, including two high-severity issues related to Lodash and several medium-severity cross-site scripting vulnerabilities in Bootstrap. The scan, which lasted 51 minutes, revealed a total of 16 vulnerabilities, with recommendations for upgrading libraries and implementing security measures like Content Security Policy. Immediate action is advised to mitigate risks of exploitation and enhance website security.

Uploaded by

leninneku1234
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
39 views20 pages

Comprehensive New Tnps Vodacom Co TZ

The Acunetix scan for tnps.vodacom.co.tz identified multiple vulnerabilities, including two high-severity issues related to Lodash and several medium-severity cross-site scripting vulnerabilities in Bootstrap. The scan, which lasted 51 minutes, revealed a total of 16 vulnerabilities, with recommendations for upgrading libraries and implementing security measures like Content Security Policy. Immediate action is advised to mitigate risks of exploitation and enhance website security.

Uploaded by

leninneku1234
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

Comprehensive Report

Acunetix Threat Level 3

One or more high-severity type vulnerabilities have been

discovered by the scanner. A malicious user can exploit


High
these vulnerabilities and compromise the backend

database and/or deface your website.

Scan Detail

Target tnps.vodacom.co.tz

Scan Type Full Scan

Start Time May 27, 2025, 11:23:54 PM GMT+3

Scan Duration 51 minutes

Requests 43715

Average Response Time 67ms

Maximum Response Time 30001ms

Application Build v25.1.250204093

Authentication Profile -

1
0 2 9 1 4

Critical High Medium Low Informational

Severity Vulnerabilities Instances

Critical 0 0

High 2 2

Medium 9 9

Low 1 1

Informational 4 4

Total 16 16

2
High Severity

Instances

Lodash Improper Neutralization of Special … 1

Lodash Improperly Controlled Modification… 1

Medium Severity

Instances

Bootstrap Improper Neutralization of Input … 1

Bootstrap Improper Neutralization of Input … 1

Bootstrap Improper Neutralization of Input … 1

Others 6

Low Severity

Instances

Cookies with missing, inconsistent or contr… 1

Informational

Instances

Content Security Policy (CSP) Not Impleme… 1

HTTP Strict Transport Security (HSTS) Erro… 1

Outdated JavaScript libraries 1

Others 1

3
Impacts

SEVERITY IMPACT

1 Lodash Improper Neutralization of Special Elements used in a


High
Command ('Command Injection') Vulnerability

1 Lodash Improperly Controlled Modification of Object Prototype


High
Attributes ('Prototype Pollution') Vulnerability

1 Bootstrap Improper Neutralization of Input During Web Page


Medium
Generation ('Cross-site Scripting') Vulnerability

1 Bootstrap Improper Neutralization of Input During Web Page


Medium
Generation ('Cross-site Scripting') Vulnerability

1 Bootstrap Improper Neutralization of Input During Web Page


Medium
Generation ('Cross-site Scripting') Vulnerability

1 Bootstrap Improper Neutralization of Input During Web Page


Medium
Generation ('Cross-site Scripting') Vulnerability

1 Bootstrap Improper Neutralization of Input During Web Page


Medium
Generation ('Cross-site Scripting') Vulnerability

1 Bootstrap Improper Neutralization of Input During Web Page


Medium
Generation ('Cross-site Scripting') Vulnerability

Medium 1 Lodash Other Vulnerability

Medium 1 TLS/SSL Weak Cipher Suites

Medium 1 Vulnerable JavaScript libraries

Low 1 Cookies with missing, inconsistent or contradictory properties

Informational 1 Content Security Policy (CSP) Not Implemented

Informational 1 HTTP Strict Transport Security (HSTS) Errors and Warnings

Informational 1 Outdated JavaScript libraries

Informational 1 Permissions-Policy header not implemented

4
Lodash Improper Neutralization of Special

Elements used in a Command ('Command

Injection') Vulnerability

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Impact

https://tnps.vodacom.co.tz/

lodash v4.17.15-4.17.15

References

CVE-2021-23337

https://nvd.nist.gov/vuln/detail/CVE-2021-23337

Lodash Improperly Controlled Modification of

Object Prototype Attributes ('Prototype Pollution')

Vulnerability

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Impact

https://tnps.vodacom.co.tz/

lodash v4.17.15-4.17.15

5
References

CVE-2020-8203

https://nvd.nist.gov/vuln/detail/CVE-2020-8203

Bootstrap Improper Neutralization of Input During

Web Page Generation ('Cross-site Scripting')

Vulnerability

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Impact

https://tnps.vodacom.co.tz/

bootstrap.js v3.3.2-3.3.2

References

CVE-2018-14040

https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Bootstrap Improper Neutralization of Input During

Web Page Generation ('Cross-site Scripting')

Vulnerability

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Impact

https://tnps.vodacom.co.tz/

6
bootstrap.js v3.3.2-3.3.2

References

CVE-2018-20677

https://nvd.nist.gov/vuln/detail/CVE-2018-20677

Bootstrap Improper Neutralization of Input During

Web Page Generation ('Cross-site Scripting')

Vulnerability

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Impact

https://tnps.vodacom.co.tz/

bootstrap.js v3.3.2-3.3.2

References

CVE-2018-14042

https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Bootstrap Improper Neutralization of Input During

Web Page Generation ('Cross-site Scripting')

Vulnerability

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Impact

7
https://tnps.vodacom.co.tz/

bootstrap.js v3.3.2-3.3.2

References

CVE-2018-20676

https://nvd.nist.gov/vuln/detail/CVE-2018-20676

Bootstrap Improper Neutralization of Input During

Web Page Generation ('Cross-site Scripting')

Vulnerability

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-

template attribute.

Impact

https://tnps.vodacom.co.tz/

bootstrap.js v3.3.2-3.3.2

References

CVE-2019-8331

https://nvd.nist.gov/vuln/detail/CVE-2019-8331

Bootstrap Improper Neutralization of Input During

Web Page Generation ('Cross-site Scripting')

Vulnerability

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target

attribute, a different vulnerability than CVE-2018-14041.

8
Impact

https://tnps.vodacom.co.tz/

bootstrap.js v3.3.2-3.3.2

References

CVE-2016-10735

https://nvd.nist.gov/vuln/detail/CVE-2016-10735

Lodash Other Vulnerability

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via

the toNumber, trim and trimEnd functions.

Impact

https://tnps.vodacom.co.tz/

lodash v4.17.15-4.17.15

References

CVE-2020-28500

https://nvd.nist.gov/vuln/detail/CVE-2020-28500

TLS/SSL Weak Cipher Suites

The remote host supports TLS/SSL cipher suites with weak or insecure properties.

Impact

https://tnps.vodacom.co.tz/

9
Weak TLS/SSL Cipher Suites: (offered via TLS1.2 on port 443):

TLS_RSA_WITH_AES_256_GCM_SHA384

Recommendation

Reconfigure the affected application to avoid use of weak cipher suites.

References

OWASP: TLS Cipher String Cheat Sheet

https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

OWASP: Transport Layer Protection Cheat Sheet

https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html

Mozilla: TLS Cipher Suite Recommendations

https://wiki.mozilla.org/Security/Server_Side_TLS

SSLlabs: SSL and TLS Deployment Best Practices

https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

RFC 9155: Deprecating MD5 and SHA-1 Signature Hashes in TLS 1.2 and DTLS 1.2

https://datatracker.ietf.org/doc/html/rfc9155

Vulnerable JavaScript libraries

You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were reported

for this version of the library. Consult Attack details and Web References for more information about

the affected library and the vulnerabilities that were reported.

Impact

Consult References for more information.

https://tnps.vodacom.co.tz/ Confidence: 95%

Lodash 4.17.15

URL: https://tnps.vodacom.co.tz/Account/Login

Detection method: The library's name and version were determined based on its dynamic behavior.

CVE-ID: CVE-2021-23337, CVE-2020-8203, CVE-2020-28500

10
Description: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template

function. / Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. / Lodash

versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the

toNumber, trim and trimEnd functions.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-23337

https://nvd.nist.gov/vuln/detail/CVE-2020-8203

https://nvd.nist.gov/vuln/detail/CVE-2020-28500

Request

GET /Account/Login HTTP/1.1


Referer: https://tnps.vodacom.co.tz/
Cookie: ASP.NET_SessionId=1d0gdkpdpuoucpody0cqsrsj;
__RequestVerificationToken=hQF8S23QgCOU1lIo08BDLBhKcMaqt0geEI-bDP3pAo1Eo-dJ-
3bHflR9LmPnrkfELeqaM6AhBwnVW3GUAtolGK7kNpzO4gVXTgIFJGY0umQ1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/131.0.0.0 Safari/537.36
Host: tnps.vodacom.co.tz
Connection: Keep-alive

Recommendation

Upgrade to the latest version.

References

How Invicti identifies Out-of-date technologies

https://www.invicti.com/support/how-invicti-identifies-outofdate/

Cookies with missing, inconsistent or

contradictory properties

At least one of the following cookies properties causes the cookie to be invalid or incompatible with

either a different property of the same cookie, of with the environment the cookie is being used in.

Although this is not a vulnerability in itself, it will likely lead to unexpected behavior by the

application, which in turn may cause secondary security issues.

Impact

Cookies will not be stored, or submitted, by web browsers.

11
https://tnps.vodacom.co.tz/ Verified

List of cookies with missing, inconsistent or contradictory properties:

https://tnps.vodacom.co.tz/Account/Login

Cookie was set with:

Set-Cookie: ASP.NET_SessionId=pvvkhgngxwagxkmy3uttawpr; path=/; secure; HttpOnly

This cookie has the following issues:

- Cookie without SameSite attribute.


When cookies lack the SameSite attribute, Web browsers may apply different and
sometimes unexpected defaults. It is therefore recommended to add a SameSite
attribute with an appropriate value of either "Strict", "Lax", or "None".

Request

GET /Account/Login HTTP/1.1


Referer: https://www.google.com/search?hl=en&q=testing
Cookie: __RequestVerificationToken=hQF8S23QgCOU1lIo08BDLBhKcMaqt0geEI-bDP3pAo1Eo-dJ-
3bHflR9LmPnrkfELeqaM6AhBwnVW3GUAtolGK7kNpzO4gVXTgIFJGY0umQ1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/131.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
Host: tnps.vodacom.co.tz
Connection: Keep-alive

Recommendation

Ensure that the cookies configuration complies with the applicable standards.

References

MDN | Set-Cookie

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Securing cookies with cookie prefixes

https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/

Cookies: HTTP State Management Mechanism

https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05

SameSite Updates - The Chromium Projects

12
https://www.chromium.org/updates/same-site

draft-west-first-party-cookies-07: Same-site Cookies

https://tools.ietf.org/html/draft-west-first-party-cookies-07

Content Security Policy (CSP) Not Implemented

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain

types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The

value of this header is a string containing the policy directives describing your Content Security

Policy. To implement CSP, you should define lists of allowed origins for the all of the types of

resources that your site utilizes. For example, if you have a simple site that needs to load scripts,

stylesheets, and images hosted locally, as well as from the jQuery library from their CDN, the CSP

header could look like the following:

Content-Security-Policy:
default-src 'self';
script-src 'self' https://code.jquery.com;

It was detected that your web application doesn't implement Content Security Policy (CSP) as the

CSP header is missing from the response. It's recommended to implement Content Security Policy

(CSP) into your web application.

Impact

CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as

cross-site scripting/XSS attacks, attacks that require embedding a malicious resource, attacks that

involve malicious use of iframes, such as clickjacking attacks, and others.

https://tnps.vodacom.co.tz/

Paths without CSP header:

https://tnps.vodacom.co.tz/Account/Login

https://tnps.vodacom.co.tz/DefaultCaptcha/

https://tnps.vodacom.co.tz/Account/

https://tnps.vodacom.co.tz/bundles/graphics/

13
https://tnps.vodacom.co.tz/bundles/

https://tnps.vodacom.co.tz/Home/Error

Request

GET /Account/Login HTTP/1.1


Referer: https://tnps.vodacom.co.tz/
Cookie: ASP.NET_SessionId=1d0gdkpdpuoucpody0cqsrsj;
__RequestVerificationToken=hQF8S23QgCOU1lIo08BDLBhKcMaqt0geEI-bDP3pAo1Eo-dJ-
3bHflR9LmPnrkfELeqaM6AhBwnVW3GUAtolGK7kNpzO4gVXTgIFJGY0umQ1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/131.0.0.0 Safari/537.36
Host: tnps.vodacom.co.tz
Connection: Keep-alive

Recommendation

It's recommended to implement Content Security Policy (CSP) into your web application.

Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a

web page and giving it values to control resources the user agent is allowed to load for that page.

References

Content Security Policy (CSP)

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Implementing Content Security Policy

https://hacks.mozilla.org/2016/02/implementing-content-security-policy/

HTTP Strict Transport Security (HSTS) Errors and

Warnings

HTTP Strict Transport Security (HSTS) instructs a web browser to only connect to a web site using

HTTPS. It was detected that your web application's HTTP Strict Transport Security (HSTS)

implementation is not as strict as is typically advisable.

Impact

14
HSTS can be used to prevent and/or mitigate some types of man-in-the-middle (MitM) attacks

https://tnps.vodacom.co.tz/

URLs where HSTS configuration is not according to best practices:

https://tnps.vodacom.co.tz/Account/Login - max-age is less that 1 year (31536000);

https://tnps.vodacom.co.tz/DefaultCaptcha/ - max-age is less that 1 year (31536000);

https://tnps.vodacom.co.tz/Account/ - max-age is less that 1 year (31536000);

https://tnps.vodacom.co.tz/bundles/graphics/ - max-age is less that 1 year (31536000);

https://tnps.vodacom.co.tz/bundles/ - max-age is less that 1 year (31536000);

https://tnps.vodacom.co.tz/Home/Error - max-age is less that 1 year (31536000);

Request

GET /Account/Login HTTP/1.1


Referer: https://tnps.vodacom.co.tz/
Cookie: ASP.NET_SessionId=1d0gdkpdpuoucpody0cqsrsj;
__RequestVerificationToken=hQF8S23QgCOU1lIo08BDLBhKcMaqt0geEI-bDP3pAo1Eo-dJ-
3bHflR9LmPnrkfELeqaM6AhBwnVW3GUAtolGK7kNpzO4gVXTgIFJGY0umQ1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/131.0.0.0 Safari/537.36
Host: tnps.vodacom.co.tz
Connection: Keep-alive

Recommendation

It is recommended to implement best practices of HTTP Strict Transport Security (HSTS) in your

web application. Consult web references for more information.

References

hstspreload.org

https://hstspreload.org/

MDN: Strict-Transport-Security

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

Outdated JavaScript libraries

15
You are using an outdated version of one or more JavaScript libraries. A more recent version is

available. Although your version was not found to be affected by any security vulnerabilities, it is

recommended to keep libraries up to date.

Impact

Consult References for more information.

https://tnps.vodacom.co.tz/ Confidence: 95%

bootstrap.js 3.3.2

URL: https://tnps.vodacom.co.tz/Account/Login

Detection method: The library's name and version were determined based on its dynamic behavior.

References:

https://github.com/twbs/bootstrap/releases

Request

GET /Account/Login HTTP/1.1


Referer: https://tnps.vodacom.co.tz/
Cookie: ASP.NET_SessionId=1d0gdkpdpuoucpody0cqsrsj;
__RequestVerificationToken=hQF8S23QgCOU1lIo08BDLBhKcMaqt0geEI-bDP3pAo1Eo-dJ-
3bHflR9LmPnrkfELeqaM6AhBwnVW3GUAtolGK7kNpzO4gVXTgIFJGY0umQ1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/131.0.0.0 Safari/537.36
Host: tnps.vodacom.co.tz
Connection: Keep-alive

Recommendation

Upgrade to the latest version.

References

How Invicti identifies Out-of-date technologies

https://www.invicti.com/support/how-invicti-identifies-outofdate/

Permissions-Policy header not implemented

16
The Permissions-Policy header allows developers to selectively enable and disable use of various

browser features and APIs.

Impact

https://tnps.vodacom.co.tz/

Locations without Permissions-Policy header:

https://tnps.vodacom.co.tz/Account/Login

https://tnps.vodacom.co.tz/Content/favicons/

https://tnps.vodacom.co.tz/fonts/

https://tnps.vodacom.co.tz/Content/

https://tnps.vodacom.co.tz/DefaultCaptcha/

https://tnps.vodacom.co.tz/Content/images/

https://tnps.vodacom.co.tz/Account/

https://tnps.vodacom.co.tz/bundles/graphics/

https://tnps.vodacom.co.tz/bundles/

https://tnps.vodacom.co.tz/apps/

https://tnps.vodacom.co.tz/scripts/

https://tnps.vodacom.co.tz/templates/

https://tnps.vodacom.co.tz/Content/modules/

https://tnps.vodacom.co.tz/apps/ws/

https://tnps.vodacom.co.tz/apps/ws/html/

https://tnps.vodacom.co.tz/apps/ws/js/

https://tnps.vodacom.co.tz/Home/Error

https://tnps.vodacom.co.tz/Theme/

https://tnps.vodacom.co.tz/Theme/js/core/demo/

https://tnps.vodacom.co.tz/Theme/js/libs/

https://tnps.vodacom.co.tz/Theme/js/core/source/

Request

GET /Account/Login HTTP/1.1


Referer: https://tnps.vodacom.co.tz/
Cookie: ASP.NET_SessionId=1d0gdkpdpuoucpody0cqsrsj;
__RequestVerificationToken=hQF8S23QgCOU1lIo08BDLBhKcMaqt0geEI-bDP3pAo1Eo-dJ-
3bHflR9LmPnrkfELeqaM6AhBwnVW3GUAtolGK7kNpzO4gVXTgIFJGY0umQ1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/131.0.0.0 Safari/537.36
Host: tnps.vodacom.co.tz
Connection: Keep-alive

References

17
Permissions-Policy / Feature-Policy (MDN)

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy

Permissions Policy (W3C)

https://www.w3.org/TR/permissions-policy-1/

18
Coverage

https://tnps.vodacom.co.tz

Account

Login

#fragments

CaptchaImage

Inputs

POST CaptchaDeText, CaptchaInputText, Password, Username, __RequestVerificationToken

POST __RequestVerificationToken, Username, Password, CaptchaDeText, CaptchaInputText

apps

ws

html

js

bundles

graphics

base-scripts

Inputs

GET v

base-styles

Inputs

GET v

source-scripts

Inputs

GET v

source-styles

Inputs

GET v

Content

favicons

images

modules

DefaultCaptcha

19
Generate

Inputs

GET t

Refresh

Inputs

POST __m__, t,

fonts

Home

About

Error

Inputs

GET end, filterTnpsSurvey, filterTnpsTag, start, tnpsFilterDateMode

scripts

templates

Theme

js

core

demo

source

App.js

AppCard.js

AppForm.js

AppNavigation.js

AppOffcanvas.js

AppVendor.js

libs

20

You might also like