Update csp-data-scheme-allowed.yaml

Ritik Chaddha
2025-12-01 13:22:17 +05:30
committed by GitHub
parent 89b61a2c10
commit 7dee85479d


@@ -2,7 +2,7 @@ id: csp-data-scheme-allowed
info:
name: Content-Security-Policy `data:` Scheme - Allowed
author: ritik
author: ritikchaddha
severity: low
description: |
Detected Content Security Policy (CSP) configurations that allow the 'data:' URI scheme.Allowing data: in CSP directives (especially script-src, default-src, object-src) can enable XSS attacks through techniques like iframe srcdoc with deferred scripts, bypassing CSP protections. This is a common CSP misconfiguration that weakens XSS defenses.