zaproxy · thc202 · Dec 27, 2024 · Dec 27, 2024
diff --git a/site/content/docs/alerts/120000-1.md b/site/content/docs/alerts/120000-1.md
@@ -9,10 +9,10 @@ type: alert
 risk: Informational
 solution: "This is an informational alert and no action is necessary. "
 other: "The following data (key=value) was set: key=value Note that this alert will only be raised once for each URL + key."
-cwe: 200
+cwe: 359
 wasc: 13
 alerttags: 
-  - CWE-200
+  - CWE-359
 code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/client/src/main/java/org/zaproxy/addon/client/pscan/InformationInStorageScanRule.java
 linktext: "org/zaproxy/addon/client/pscan/InformationInStorageScanRule.java"
 help: https://www.zaproxy.org/docs/desktop/addons/client-side-integration/pscan/#id-120000

diff --git a/site/content/docs/alerts/120000-2.md b/site/content/docs/alerts/120000-2.md
@@ -9,10 +9,10 @@ type: alert
 risk: Informational
 solution: "This is an informational alert and no action is necessary. "
 other: "The following data (key=value) was set: key=value Note that this alert will only be raised once for each URL + key."
-cwe: 200
+cwe: 359
 wasc: 13
 alerttags: 
-  - CWE-200
+  - CWE-359
 code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/client/src/main/java/org/zaproxy/addon/client/pscan/InformationInStorageScanRule.java
 linktext: "org/zaproxy/addon/client/pscan/InformationInStorageScanRule.java"
 help: https://www.zaproxy.org/docs/desktop/addons/client-side-integration/pscan/#id-120000

diff --git a/site/content/docs/alerts/120001-1.md b/site/content/docs/alerts/120001-1.md
@@ -9,10 +9,10 @@ type: alert
 risk: Low
 solution: "Do not store sensitive information in browser storage. "
 other: "The following data (key=value) was set which matches the pattern for credit cards: key=value Note that alerts will only be raised once for each URL + key."
-cwe: 200
+cwe: 359
 wasc: 13
 alerttags: 
-  - CWE-200
+  - CWE-359
 code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/client/src/main/java/org/zaproxy/addon/client/pscan/SensitiveInfoInStorageScanRule.java
 linktext: "org/zaproxy/addon/client/pscan/SensitiveInfoInStorageScanRule.java"
 help: https://www.zaproxy.org/docs/desktop/addons/client-side-integration/pscan/#id-120001

diff --git a/site/content/docs/alerts/120001-2.md b/site/content/docs/alerts/120001-2.md
@@ -9,10 +9,10 @@ type: alert
 risk: Low
 solution: "Do not store sensitive information in browser storage. "
 other: "The following data (key=value) was set which matches the pattern for email addresses: key=value Note that alerts will only be raised once for each URL + key."
-cwe: 200
+cwe: 359
 wasc: 13
 alerttags: 
-  - CWE-200
+  - CWE-359
 code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/client/src/main/java/org/zaproxy/addon/client/pscan/SensitiveInfoInStorageScanRule.java
 linktext: "org/zaproxy/addon/client/pscan/SensitiveInfoInStorageScanRule.java"
 help: https://www.zaproxy.org/docs/desktop/addons/client-side-integration/pscan/#id-120001

diff --git a/site/content/docs/alerts/120002-1.md b/site/content/docs/alerts/120002-1.md
@@ -11,10 +11,10 @@ solution: "This is an informational alert and no action is necessary. "
 references:
    - https://www.zaproxy.org/blog/2020-09-03-zap-jwt-scanner/
 other: "The following JWT was set: Key: key Header: {'alg': 'HS256', 'typ': 'JWT'} Payload: {'sub': '1234567890', 'name': 'John Doe', 'iat': 1516239022} Signature: d35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf Note that this alert will only be raised once for each URL + key."
-cwe: 200
+cwe: 922
 wasc: 13
 alerttags: 
-  - CWE-200
+  - CWE-922
 code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/client/src/main/java/org/zaproxy/addon/client/pscan/JwtInStorageScanRule.java
 linktext: "org/zaproxy/addon/client/pscan/JwtInStorageScanRule.java"
 help: https://www.zaproxy.org/docs/desktop/addons/client-side-integration/pscan/#id-120002

diff --git a/site/content/docs/alerts/120002-2.md b/site/content/docs/alerts/120002-2.md
@@ -11,10 +11,10 @@ solution: "Store JWTs in sessionStorage instead of localStorage so that is clear
 references:
    - https://www.zaproxy.org/blog/2020-09-03-zap-jwt-scanner/
 other: "The following JWT was set: Key: key Header: {'alg': 'HS256', 'typ': 'JWT'} Payload: {'sub': '1234567890', 'name': 'John Doe', 'iat': 1516239022} Signature: d35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf Note that this alert will only be raised once for each URL + key."
-cwe: 200
+cwe: 922
 wasc: 13
 alerttags: 
-  - CWE-200
+  - CWE-922
 code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/client/src/main/java/org/zaproxy/addon/client/pscan/JwtInStorageScanRule.java
 linktext: "org/zaproxy/addon/client/pscan/JwtInStorageScanRule.java"
 help: https://www.zaproxy.org/docs/desktop/addons/client-side-integration/pscan/#id-120002

diff --git a/site/data/alerttags.yml b/site/data/alerttags.yml
@@ -196,6 +196,9 @@ CWE-917:
 CWE-918:
   link: https://cwe.mitre.org/data/definitions/918.html
 
+CWE-922:
+  link: https://cwe.mitre.org/data/definitions/922.html
+
 CWE-933:
   link: https://cwe.mitre.org/data/definitions/933.html