Ncino
Xml
visualforce-page-api-version
visualforce-page-api-version
Visualforce Pages must use API version 55 or higher for required use of the cspHeader attribute set to true.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
csp-header-attribute
csp-header-attribute
Visualforce Pages must have the cspHeader attribute set to true. This attribute is available in API version 55 or higher.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection