MEDIUM RISK
1. CSP: Wildcard Directive
Eric response: Can't we update the Apache config to add a trusted source?
2. CSP: style-src 'unsafe-inline'
Eric response: Accept the risk
Eric response: This is Zabbix; it's for internal use. Accept the risk
4. CSP: script-src 'unsafe-inline'
Eric response: This is Zabbix; it's for internal use. Accept the risk
5. Absence of Anti-CSRF Tokens
Eric response: accept the risk
6. Source Code Disclosure - SQL
Eric response: what source code is exposed?
7. Sub Resource Integrity Attribute Missing
Eric response: Nothing currently. Can you provide the integrity tag for the concerned external script?
8. Vulnerable JavaScript Library
Eric response: What's the concerned library?
Eric response:
10. Cross-Domain Misconfiguration
Eric response:
LOW RISK
Eric response: accept risk
2. Dangerous JavaScript Functions
Eric response: Accept the risk
Eric response: Accept the risk
Eric response: Accept risk
5. Cross-Domain JavaScript Source File Inclusion
Eric response: accept the risk
6. Cookie Without Secure Flag
Eric response: accept the risk
7. Cookie with SameSite Attribute None
Eric response: accept the risk