Visualforce Pages must use API version 55 or higher for required use of the cspHeader attribute set to true. Likelihood: HIGH Confidence: HIGH CWE: - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: - A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
csp-header-attribute
Visualforce Pages must have the cspHeader attribute set to true. This attribute is available in API version 55 or higher. Likelihood: HIGH Confidence: HIGH CWE: - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: - A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection