Are files like favicon.ico, robots.txt, and sitemap.xml vulnerable to XSS?
A ZAP scan against an app detected the “Web Browser XSS Protection Not Enabled” vulnerability on sitemap and favicon. Would it be safe to ignore those URLs, or does it mean that the app is vulnerable?
Here is the full output on favicon:
{…