A content-security-policy vulnerability in ENS Control browser extension before 10.7.0 Update 15 allows a remote malicious user to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an malicious user to bypass the content-security-policy configuration.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trellix endpoint_security_web_control |
||
trellix endpoint_security_web_control 10.7.0 |