Content Security Policy (CSP) is a security standard introduced to protect against cross-site scripting and other injection attacks. It works by letting a site declare, in a response header, which sources the browser is allowed to load scripts and other resources from. This application uses the unsafe CSP directive value unsafe-inline. It allows inline scripts to execute, which almost defeats the purpose of Content Security Policy: when the directive is present, a Cross-site Scripting vulnerability on your website can be exploited with little effort, because the policy no longer blocks the injected inline script.
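As an added example (not code from the original page or from Beagle), the Python checker below parses a Content-Security-Policy header and reports whether inline scripts may run: script-src is authoritative, default-src applies when script-src is absent, and, following the CSP Level 2 rule, a nonce or hash source in the same directive makes browsers ignore 'unsafe-inline'. The two sample headers and the nonce value are constructed.

```python
"""Flag a Content-Security-Policy header that still lets inline scripts run.

Assumptions (not from the original page): the headers and nonce below are
constructed samples; browser behaviour follows CSP Level 2/3.
"""
from typing import Dict, List

# Constructed samples: the weak policy the page describes, and a nonce-based
# replacement under which an inline <script> runs only if it carries the
# per-response nonce.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline'; img-src *"
HARDENED_CSP = ("default-src 'self'; "
                "script-src 'self' 'nonce-c2FtcGxlLW5vbmNl' 'strict-dynamic'; "
                "object-src 'none'; base-uri 'self'")

_NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}.

    Directives are ';'-separated, sources whitespace-separated. Directive
    names are case-insensitive; a repeated directive keeps its first
    occurrence, as browsers do. Source tokens are kept verbatim because
    nonce and hash values are case-sensitive.
    """
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def allows_inline_scripts(header: str) -> bool:
    """True if a browser enforcing this header would run an inline script."""
    policy = parse_csp(header)
    if "script-src" in policy:
        sources = policy["script-src"]
    elif "default-src" in policy:
        sources = policy["default-src"]
    else:
        return True  # nothing governs scripts, so inline scripts are unrestricted
    keywords = {s.lower() for s in sources}
    if "'unsafe-inline'" not in keywords:
        return False
    # CSP2+: a nonce or hash source in the same directive disables 'unsafe-inline'.
    return not any(s.lower().startswith(_NONCE_OR_HASH) for s in sources)
```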
An attacker can inject malicious code embedded in an inline script. The following is an example.
The impacts of this type of vulnerability include:
Beagle recommends the following fixes: