Merge pull request #9300 from projectdiscovery/added-remediation

Update cloudflare-rocketloader-htmli.yaml
2024-03-08 18:06:42 +05:30 · 2024-03-08 18:06:42 +05:30 · 45e4b9de84
parent 7c3f147499 27f73e50c3
commit 45e4b9de84
1 changed files with 3 additions and 1 deletions
--- a/http/misconfiguration/cloudflare-rocketloader-htmli.yaml
+++ b/http/misconfiguration/cloudflare-rocketloader-htmli.yaml
@ -6,8 +6,10 @@ info:
  severity: low
  description: |
    The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
+  remediation: Disable the rocket loader or Add a CSP header to fix this issue.
  reference:
    - https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
+    - https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
  metadata:
    max-request: 1
    verified: true