Merge pull request #9300 from projectdiscovery/added-remediation
Update cloudflare-rocketloader-htmli.yamlpatch-1
commit
45e4b9de84
|
@ -6,8 +6,10 @@ info:
|
|||
severity: low
|
||||
description: |
|
||||
The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
|
||||
remediation: Disable the rocket loader or Add a CSP header to fix this issue.
|
||||
reference:
|
||||
- https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
|
||||
- https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
|
||||
metadata:
|
||||
max-request: 1
|
||||
verified: true
|
||||
|
@ -37,4 +39,4 @@ http:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950
|
||||
|
|
Loading…
Reference in New Issue