wathne
commented
2 weeks ago Open LisaCabot opened 1 month ago
wathne
commented
2 weeks ago wathne
commented
2 weeks ago "default-src 'self'" is too strict.
Description: The lack of tha protection may allow the use of a Cross-Site Scripting Potential Impact: Depends on the Cross-Site Scripting used when exploiting this lack of protection. Affected part of the application: Frontend, Page design Type of vulnerability: Lack of protection when designing the header (https://cwe.mitre.org/data/definitions/693.html)