CWE-16
ISO27001-A.14.2.5
WASC-15

Missing object-src in CSP Declaration

Severity: Information
Summary

Invicti detected that object-src is missing from the CSP declaration. Without it, plugins that can execute JavaScript can be injected.

Impact
Remediation

Set object-src to 'none' in the CSP declaration:

Content-Security-Policy: object-src 'none';
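One way to check a response header for this finding, as an added example that is not Invicti's own check. It goes slightly beyond the finding by applying CSP's standard fallback from object-src to default-src; the function names and sample header values are constructed for illustration.

```python
def parse_csp(header_value):
    """Parse a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue  # skip empty segments such as a trailing ';'
        name = tokens[0].lower()  # directive names are case-insensitive
        if name not in policy:    # CSP keeps the first occurrence of a directive
            policy[name] = tokens[1:]
    return policy


def object_src_status(header_value):
    """Classify how a policy governs plugin content (<object>, <embed>)."""
    policy = parse_csp(header_value)
    if "object-src" in policy:
        sources, origin = policy["object-src"], "object-src"
    elif "default-src" in policy:
        # Fetch directives fall back to default-src when they are absent.
        sources, origin = policy["default-src"], "default-src"
    else:
        return "missing"
    lowered = [s.lower() for s in sources]
    # An empty source list or a lone 'none' matches nothing.
    if not lowered or lowered == ["'none'"]:
        return "blocked via " + origin
    return "allowed via " + origin + ": " + " ".join(sources)


if __name__ == "__main__":
    # Constructed sample header values, not taken from a real site.
    samples = [
        "script-src 'self'",
        "default-src 'self'; script-src 'self'",
        "default-src 'none'; script-src 'self'",
        "script-src 'self'; object-src 'none';",
    ]
    for value in samples:
        print(f"{object_src_status(value):35} <- {value}")
```

A result of "missing" or "allowed via ..." means plugin content is not fully blocked and the remediation above applies.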

Required Skills for Successful Exploitation
Actions To Take
Classifications