threatcode · pull · Mar 10, 2026 · Mar 10, 2026 · Mar 10, 2026 · Mar 9, 2026
diff --git a/docker/CHANGELOG.md b/docker/CHANGELOG.md
@@ -1,6 +1,9 @@
 # Changelog
 All notable changes to the docker containers will be documented in this file.
 
+### 2026-03-10
+- Use alert references in "Alert on HTTP Response Code Errors" script to avoid duplicates (Issue 9273).
+
 ### 2026-02-26
 - Updated weekly image to debian:trixie and JDK 21
 

diff --git a/docker/scripts/scripts/httpsender/Alert_on_HTTP_Response_Code_Errors.js b/docker/scripts/scripts/httpsender/Alert_on_HTTP_Response_Code_Errors.js
@@ -29,11 +29,13 @@ function responseReceived(msg, initiator, helper) {
 			// Do nothing
 		} else {
 			var risk = 0	// Info
+			var alertRef = 1
 			var title = "A Client Error response code was returned by the server"
 			if (code >= 500) {
 				// Server error
 				risk = 1	// Low
 				title = "A Server Error response code was returned by the server"
+				alertRef = 2
 			}
 			// CONFIDENCE_HIGH = 3 (we can be pretty sure we're right)
 			var alert = new Alert(pluginid, risk, 3, title)
@@ -82,6 +84,7 @@ function responseReceived(msg, initiator, helper) {
 				"This may indicate that the application is failing to handle unexpected input correctly.\n" +
 				"Raised by the 'Alert on HTTP Response Code Error' script");
 			alert.setEvidence(code.toString())
+			alert.setAlertRef(pluginid + "-" + alertRef)
 			alert.setCweId(388)	// CWE CATEGORY: Error Handling
 			alert.setWascId(20)	// WASC  Improper Input Handling
 			extensionAlert.alertFound(alert , ref)

diff --git a/zap/src/main/java/org/zaproxy/zap/extension/siterefresh/PopupMenuSitesRefresh.java b/zap/src/main/java/org/zaproxy/zap/extension/siterefresh/PopupMenuSitesRefresh.java
@@ -63,4 +63,9 @@ public boolean isEnableForComponent(Component invoker) {
     public int getWeight() {
         return MenuWeights.MENU_SITE_REFRESH_WEIGHT;
     }
+
+    @Override
+    public boolean isSafe() {
+        return true;
+    }
 }