Here are more details from the auditing scan.
Details URL encoded POST input next was set to /dashboard/9voye{{1==1}}cns7e. The input was reflected inside an AngularJS template
POST /dashboard/auth/login/ HTTP/1.1 Content-Length: 227 Content-Type: application/x-www-form-urlencoded Referer: https://10.3.199.109 Cookie: csrftoken=ULqDeIIm2VZnsOcUz5MdYityXbygIGJZ; token=; login_region="https://vCPEManager:5000/v3"; login_domain= Host: 10.3.199.109 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */* csrfmiddlewaretoken=ULqDeIIm2VZnsOcUz5MdYityXbygIGJZ&fake_email=sample%40email.tst&fake_password=g00dPa%24%24w0rD&next=/das hboard/9voye{{1==1}}cns7e&password=g00dPa%24%24w0rD®ion=https://vCPEManager:5000/v3&username=ktjeylhq
Here are more details from the auditing scan.
Details 9voye{{ 1==1}}cns7e.
URL encoded POST input next was set to /dashboard/
The input was reflected inside an AngularJS template
POST /dashboard/ auth/login/ HTTP/1.1 x-www-form- urlencoded /10.3.199. 109 ULqDeIIm2VZnsOc Uz5MdYityXbygIG JZ; token=; login_region="https:/ /vCPEManager: 5000/v3"; login_domain= oken=ULqDeIIm2V ZnsOcUz5MdYityX bygIGJZ& fake_email= sample% 40email. tst&fake_ password= g00dPa% 24%24w0rD& next=/das 9voye{{ 1==1}}cns7e& password= g00dPa% 24%24w0rD& region=https:/ /vCPEManager: 5000/v3& username= ktjeylhq
Content-Length: 227
Content-Type: application/
Referer: https:/
Cookie: csrftoken=
Host: 10.3.199.109
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
csrfmiddlewaret
hboard/