
Vulnerability
Content Security Policy (CSP) is a security standard introduced to protect against cross-site scripting and other injection attacks. It works by restricting the sources from which a page is allowed to load and execute content. CSP is a second layer of protection against cross-site scripting and related attacks. This application uses the unsafe Content Security Policy directive value unsafe-eval, which allows string evaluation functions such as eval. This may let an attacker bypass the Content Security Policy and successfully exploit a cross-site scripting vulnerability.
Example
Content-Security-Policy:
default-src 'self';
script-src 'self' https://code.jquery.com;
Impact
This vulnerability leads to cross-site scripting and related attacks.
Mitigation / Precaution
Beagle recommends the following mitigations:
- Set a proper Content Security Policy
- Remove unsafe-eval from the Content Security Policy directive
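The check below is an added example, not Beagle Security's code or scanner logic. It parses a Content-Security-Policy header value, works out which source list actually governs script execution (script-src, falling back to default-src), reports whether 'unsafe-eval' is permitted, and produces the corrected header with that keyword removed. The header values used are constructed for illustration; the function names are the author's own.

```javascript
// Added example: detect and remove 'unsafe-eval' in a CSP header.
// Not part of the original page or of the Beagle Security platform.

// Parse "directive value value; directive value" into a Map of directive -> source list.
// Per CSP, when a directive appears more than once the first occurrence wins.
function parseCsp(header) {
  const policy = new Map();
  for (const rawDirective of header.split(';')) {
    const tokens = rawDirective.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// The source list that governs eval()/new Function()/setTimeout(string):
// script-src if present, otherwise default-src, otherwise nothing (unrestricted).
function effectiveScriptSources(policy) {
  if (policy.has('script-src')) return policy.get('script-src');
  if (policy.has('default-src')) return policy.get('default-src');
  return null;
}

// True when the policy lets string evaluation run, i.e. the finding on this page.
function allowsUnsafeEval(header) {
  const sources = effectiveScriptSources(parseCsp(header));
  if (sources === null) return true; // no script-src and no default-src: eval is not blocked
  return sources.some((s) => s.toLowerCase() === "'unsafe-eval'");
}

// Mitigation: rebuild the header with 'unsafe-eval' dropped from every directive.
function stripUnsafeEval(header) {
  return header
    .split(';')
    .map((d) => d.trim())
    .filter(Boolean)
    .map((d) =>
      d
        .split(/\s+/)
        .filter((t) => t.toLowerCase() !== "'unsafe-eval'")
        .join(' ')
    )
    .join('; ');
}

// Constructed sample headers (not taken from any real application).
const WEAK_HEADER = "default-src 'self'; script-src 'self' 'unsafe-eval' https://code.jquery.com";
const FIXED_HEADER = stripUnsafeEval(WEAK_HEADER);

if (typeof require !== 'undefined' && require.main === module) {
  console.log('weak  :', WEAK_HEADER, '-> unsafe-eval allowed:', allowsUnsafeEval(WEAK_HEADER));
  console.log('fixed :', FIXED_HEADER, '-> unsafe-eval allowed:', allowsUnsafeEval(FIXED_HEADER));
}
```

Run it with node; the first line reports the weak header as allowing string evaluation and the second reports the corrected header as blocking it. Note the fallback rule: a policy whose only script restriction comes from default-src 'self' 'unsafe-eval' is just as exposed as one that places the keyword in script-src, so a review of the header has to look at the effective script source list rather than at script-src alone. Once the keyword is gone, eval, new Function and string arguments to setTimeout or setInterval are refused by the browser and reported as CSP violations, which is the behaviour the mitigation above relies on.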