logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

339 Insecure service configuration - Request Validation

Description

No requestValidationMode is assigned in the server configuration files, which would allow XSS attacks.

Impact

Obtain sensitive information through XSS attacks.

Recommendation

Activate recommended protection mechanisms such as Request Validation.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: H
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: A
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements

Fixes

Last updated

2024/02/19