164 – Insecure service configuration

Description

No requestValidationMode is assigned in the server configuration files, which would allow XSS attacks.

Impact

Obtain sensitive information through XSS attacks.

Recommendation

Activate the recommended protection mechanisms as Request validation.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: A
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 185 - Encrypt sensitive information
• 266 - Disable insecure functionalities

Fixes

• Csharp
• Dart
• Php

Last updated

2024/02/15