vc-platform
vc-platform copied to clipboard

Published 20 hours ago •

Reame
Issues

ZAP Scan Baseline Report

Open github-actions[bot] opened this issue 9 months ago • 1 comments

Site: http://localhost:8090 New Alerts
- CSP: Wildcard Directive [10055] total: 2:
  - http://localhost:8090
  - http://localhost:8090/
- CSP: script-src unsafe-inline [10055] total: 2:
  - http://localhost:8090
  - http://localhost:8090/
- CSP: style-src unsafe-inline [10055] total: 2:
  - http://localhost:8090
  - http://localhost:8090/
- Sub Resource Integrity Attribute Missing [90003] total: 2:
  - http://localhost:8090
  - http://localhost:8090/
- Cross-Domain JavaScript Source File Inclusion [10017] total: 2:
  - http://localhost:8090
  - http://localhost:8090/
- Dangerous JS Functions [10110] total: 3:
- Permissions Policy Header Not Set [10063] total: 11:
- Timestamp Disclosure - Unix [10096] total: 1:
  - http://localhost:8090/modules/$(VirtoCommerce.Notifications)/dist/app.js?v=Ft4JfjXluLI6B6I5iLhRHLW2ibwp_Zyf1DHWuhJtjdQ
- Base64 Disclosure [10094] total: 5:
- Information Disclosure - Suspicious Comments [10027] total: 11:
- Modern Web Application [10109] total: 2:
  - http://localhost:8090
  - http://localhost:8090/
- Sec-Fetch-Dest Header is Missing [90005] total: 3:
- Sec-Fetch-Mode Header is Missing [90005] total: 3:
- Sec-Fetch-Site Header is Missing [90005] total: 3:
- Sec-Fetch-User Header is Missing [90005] total: 3:
- Storable and Cacheable Content [10049] total: 11:

View the following link to download the report. RunnerID:9207668384

ZAP is supported by the Crash Override Open Source Fellowship

May 23 '24 12:05 github-actions[bot]