OWASP-02-05-2024/repeatedVuln.md


MEDIUM RISK

1. CSP: Wildcard Directive

Eric response: Can't we update the Apache config to add trusted sources?

2. CSP: style-src 'unsafe-inline'

Eric response: Accept the risk

3. CSP Header Not Set

Eric response: This is zabbix it's for internal use. Accept the risk

4. CSP: script-src 'unsafe-inline'

Eric response: This is zabbix it's for internal use. Accept the risk

5. Absence of Anti-CSRF Tokens

Eric response: accept the risk

6. Source Code Disclosure - SQL

Eric response: what source code is exposed?

7. Sub Resource Integrity Attribute Missing

Eric response: Nothing currently. Can you provide the integrity tag for the concerned external script?
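The integrity tag Eric asks for is just a base64-encoded SHA-2 digest of the exact bytes the third-party host serves, prefixed with the algorithm name. The following is an added example (not code from this repository) that computes and verifies it. The script content is constructed here to stand in for the real external file, which has to be fetched and hashed at the pinned version actually served; `cdn.example.invalid` is a placeholder host.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the external script flagged by the scanner. The real
# file must be downloaded from the third-party host and hashed byte-for-byte.
SAMPLE_SCRIPT = b"(function(){window.exampleWidget={version:'1.0.0'};})();\n"

# Subresource Integrity only accepts these three digest algorithms.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_value(content: bytes, algo: str = "sha384") -> str:
    """Return the integrity attribute value, e.g. 'sha384-<base64 digest>'."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError(f"SRI does not allow {algo!r}; use one of {SRI_ALGORITHMS}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Recompute the digest and compare, as the browser does before executing
    the fetched script. Unknown algorithms and mismatches both fail closed."""
    algo, _, _ = integrity.partition("-")
    if algo not in SRI_ALGORITHMS:
        return False
    return hmac.compare_digest(sri_value(content, algo), integrity)


def script_tag(src: str, content: bytes) -> str:
    """Build the <script> element. crossorigin="anonymous" is required for a
    cross-origin script, otherwise the browser cannot check the integrity."""
    return (f'<script src="{src}" integrity="{sri_value(content)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    # Hypothetical URL; the real one is the external script from the finding.
    print(script_tag("https://cdn.example.invalid/widget.js", SAMPLE_SCRIPT))
    print("tampered copy accepted:",
          verify_sri(SAMPLE_SCRIPT + b"//x", sri_value(SAMPLE_SCRIPT)))
```

Once the attribute is in place, any change to the file on the CDN (a new release as well as a compromise) makes the browser refuse to run it, so the pinned version has to be bumped deliberately whenever the dependency is updated.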

8. Vulnerable JavaScript Library

Eric response: What's the concerned library?

9. Missing Anti-clickjacking Header

Eric response:

10. Cross-Domain Misconfiguration

Eric response:

LOW RISK

1. Strict-Transport-Security Header Not Set

Eric response: accept risk

2. Dangerous JavaScript Functions

Eric response: Accept the risk

3. Server Leaks Version Information via 'Server' HTTP Response Header

Eric response: Accept the risk

4. X-Content-Type-Options Header Missing

Eric response: Accept risk

5. Cross-Domain JavaScript Source File Inclusion

Eric response: accept the risk

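Most of the findings above are about response headers and can be re-checked without re-running the whole scan. The following is an added example (not code from this repository or from ZAP) that audits one set of headers against the finding names used on this page; the checks are a plain reading of each finding, not ZAP's exact rules. Both header sets are constructed for the example and were not captured from the real host: the weak set reproduces the findings, the hardened set is what a clean result looks like.

```python
import re

# Constructed sample headers, not captured from the scanned host.
WEAK_HEADERS = {
    "Server": "Apache/2.4.57 (Unix)",
    "Content-Security-Policy": (
        "default-src 'self' *; script-src 'self' 'unsafe-inline'; "
        "style-src 'self' 'unsafe-inline'"
    ),
    "Access-Control-Allow-Origin": "*",
}
HARDENED_HEADERS = {
    "Server": "Apache",
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; style-src 'self'; "
        "object-src 'none'; frame-ancestors 'none'"
    ),
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}

FETCH_DIRECTIVES = ("default-src", "script-src", "style-src", "object-src")


def parse_csp(value):
    """Split a CSP header into {directive: [source, ...]} with lower-cased names."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_headers(headers):
    """Return [(finding, detail), ...] for one response, using the finding
    names from the list above. An empty list means none of them apply."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    csp = h.get("content-security-policy")
    policy = parse_csp(csp) if csp is not None else {}
    if csp is None:
        findings.append(("CSP Header Not Set", ""))
    for name in FETCH_DIRECTIVES:
        sources = policy.get(name)
        if sources is None:
            continue
        # '*' or a bare scheme lets any origin serve this resource type.
        if any(s == "*" or s in ("http:", "https:") for s in sources):
            findings.append(("CSP: Wildcard Directive", name))
        if name in ("script-src", "style-src") and "'unsafe-inline'" in sources:
            findings.append((f"CSP: {name} 'unsafe-inline'", name))

    # frame-ancestors does not fall back to default-src, so it is checked directly.
    if "x-frame-options" not in h and "frame-ancestors" not in policy:
        findings.append(("Missing Anti-clickjacking Header", ""))
    if "strict-transport-security" not in h:
        findings.append(("Strict-Transport-Security Header Not Set", ""))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("X-Content-Type-Options Header Missing", ""))
    server = h.get("server", "")
    if re.search(r"\d", server):
        findings.append(("Server Leaks Version Information via 'Server' HTTP Response Header", server))
    if h.get("access-control-allow-origin") == "*":
        findings.append(("Cross-Domain Misconfiguration", "Access-Control-Allow-Origin: *"))
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        result = audit_headers(hdrs)
        print(f"{label}: {len(result)} finding(s)")
        for finding, detail in result:
            print(f"  {finding}" + (f" ({detail})" if detail else ""))
```

On Apache the hardened values are set with mod_headers (`Header always set Content-Security-Policy "..."` and likewise for the other headers), and the version leak goes away with `ServerTokens Prod`. Accepting a finding is fine for an internal host, but the accepted items should still be re-checked after each Zabbix upgrade, since a new release can change what the server sends.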