CSP Headers - Content-Security-Policy has an incorrect value.
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:L/Au:M/C:P/I:N/A:N) | 01/01/2016 | 06/27/2018 | 06/27/2018 |
Description
No Content Security Policy has been declared, either through a meta tag or through the response header, so the browser's trust in the content received from the server can be exploited. Malicious scripts are executed by the victim's browser because the browser trusts the source of the content, even when it is not coming from where it seems to be coming from.
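A check for the condition described above, as an added example that is not part of the original entry or of the scanner's own logic: it looks for a policy in both the `Content-Security-Policy` header and the meta tag, and also flags declared values that leave scripts unrestricted. The function names and finding labels are hypothetical, and the sample response is constructed.

```python
from html.parser import HTMLParser

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

class MetaCSP(HTMLParser):
    """Collect the content of <meta http-equiv="Content-Security-Policy"> tags."""
    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.policies.append(a.get("content", ""))

def parse_policy(value):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def policy_issue(value):
    """Return a label (hypothetical names) for one policy, or None if scripts are restricted."""
    d = parse_policy(value)
    if not d:
        return "empty-value"
    script = d.get("script-src", d.get("default-src"))
    if script is None:
        return "no-script-restriction"
    inline_ok = "'unsafe-inline'" in script and not any(s.startswith(HASH_OR_NONCE) for s in script)
    return "weak-script-src" if inline_ok or "*" in script else None

def audit_csp(headers, body):
    """Findings for one response; an empty list means an enforced policy restricts scripts."""
    names = {k.lower(): v for k, v in headers.items()}
    meta = MetaCSP()
    meta.feed(body)
    declared = meta.policies + ([names["content-security-policy"]] if "content-security-policy" in names else [])
    if not declared:
        return ["report-only" if "content-security-policy-report-only" in names else "not-declared"]
    issues = [policy_issue(v) for v in declared]
    # All declared policies are enforced together, so one sound policy is enough.
    return [] if None in issues else sorted(set(issues))

if __name__ == "__main__":
    # Constructed sample response, not taken from the page.
    print(audit_csp({"Content-Type": "text/html"}, "<html><head></head></html>"))
```

A report-only header on its own is reported separately because the browser logs violations under it without blocking anything.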
Solution
cspheaders-cspheaders-r01