Our security scanning tool reporting PRSSI (Path-Relative Stylesheet Import) vulnerability in the cockpit web interface style sheet logic which needs to be addressed to enhance the cockpit web interface security. Cockpit WEB Interface is being accessed through our device’s web interface through iframe.
Tags being reported by the scanning tool are :
Hello @kishoramballi and welcome back to the forums. The tags didn’t show up in your post, so we aren’t sure if this is a false-positive or not. However, if this is a particular CVE being reported, you may want to refer to this document to double-check that the issue isn’t already patched as a back port.
Hi @sspencerwire, the lines being reported in the scanning tool are the following ones.
**Tags being reported by the scanning tool are :**
<link href=“cockpit/static/login.css” type=“text/css” rel=“stylesheet” />
<link href=“cockpit/static/branding.css” type=“text/css” rel=“stylesheet” />
The HTML tags don’t really help. @sspencerwire’s post is still valid - you need to check your scanner to make sure it’s reporting correct information since a lot of scanners without correct access give inaccurate results and false information.
If there is a vulnerability, the scanner will give you a CVE number. Or at least it should do.