first commit

repeatedVuln.md

@@ -0,0 +1,54 @@
+### MEDIUM RISK
+
+## 1. CSP: Wildcard Directive
+# Eric response: Can't we updated the apache config to add trusted source?
+
+## 2. CSP: style-src 'unsafe-inline'
+# Eric response: Accept the risk
+
+## 3. CSP Header Not Set
+# Eric response: This is zabbix it's for internal use. Accept the risk
+
+## 4. CSP: script-src 'unsafe-inline'
+# Eric response: This is zabbix it's for internal use. Accept the risk
+
+## 5. Absence of Anti-CSRF Tokens
+# Eric response: accept the risk 
+
+## 6. Source Code Disclosure - SQL
+# Eric response: what source code is exposed?
+
+## 7. Sub Resource Integrity Attribute Missing
+# Eric response: nothink currently. Can you provide the integrity tag for the concerned external script
+
+## 8. Vulnerable JavaScript Library
+# Eric response: What's the concerne library?
+
+## 9. Missing Anti-clickjacking Header
+# Eric response:
+
+## 10. Cross-Domain Misconfiguration
+# Eric response:
+
+### LOW RISK
+
+## 1. Strict-Transport-Security Header Not Set
+# Eric response: accept risk
+
+## 2. Dangerous JavaScript Functions
+# Eric response: Accept the risk
+
+## 3. Server Leaks Version Information via 'Server' HTTP Response Header
+# Eric response: Accept the risk
+
+## 4. CSP: X-Content-Type-Options Header Missing
+# Eric response: Accept risk
+
+## 5. Cross-Domain JavaScript Source File Inclusion
+# Eric response: accept the risk 
+
+## 6. Cookie Without Secure Flag
+# Eric response: accept the risk 
+
+## 7. Cookie with SameSite Attribute None
+# Eric response: accept the risk