Scheme URI Detected in Content Security Policy (CSP) Directive

Severity: Information

Summary

Invicti detected that a scheme URI was used in a CSP directive.

Impact

A scheme URI in script-src (http: or https:) allows the execution of unsafe scripts, because it matches any host served over that scheme.

Remediation

Replace the scheme URI with the domain that you trust.

Classifications

ISO27001-A.14.2.5
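
One way to check a policy for this finding, as an added example that is not Invicti's detection code: the function names and the sample policies (including cdn.example.com) are assumptions constructed for illustration. It goes slightly beyond the page by also checking default-src when script-src is absent, since that is the fallback browsers use for scripts.

```javascript
// Added example: flag scheme-only sources (e.g. "https:") in the directive
// that governs script loading. All policies below are constructed samples.

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a directive name that appears a second time.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A scheme-source is a bare scheme followed by ":" with no host part.
const SCHEME_SOURCE = /^[a-z][a-z0-9+.-]*:$/i;

// Return the scheme-only sources that apply to script loading.
// script-src is used when present; otherwise default-src is the fallback.
function findScriptSchemeSources(policy) {
  const directives = parseCsp(policy);
  const directive = directives.has('script-src') ? 'script-src' : 'default-src';
  const sources = directives.get(directive) || [];
  return sources
    .filter((s) => SCHEME_SOURCE.test(s))
    .map((source) => ({ directive, source: source.toLowerCase() }));
}

// Weak setting: any HTTPS host may serve scripts.
const weakPolicy = "default-src 'self'; script-src 'self' https:; img-src https:";
// Corrected setting: the scheme is replaced by a trusted host (placeholder).
const fixedPolicy =
  "default-src 'self'; script-src 'self' https://cdn.example.com; img-src https:";
// No script-src: the scheme sources in default-src apply to scripts.
const fallbackPolicy = "default-src http: https:";

for (const [label, policy] of Object.entries({ weakPolicy, fixedPolicy, fallbackPolicy })) {
  console.log(label, JSON.stringify(findScriptSchemeSources(policy)));
}
```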