Magento Security Scan Report

Ramesh_Babu · January 21, 2021, 5:22pm

Below are the 2 failed check in Magento Security scan report how to fix it
Note: 1. i have installed Magento in /var/www/html
2. my current version of Magento is 2.4.1
1.FAIL
Vulnerability
Magento /pub/
Your Web server is configured to run Magento from %MAGENTO_ROOT% directory.It is recommended to set %MAGENTO_ROOT%/pub as a Web server root directory.
Follow Security Best Practices.
2. FAIL
Patch
XS Vulnerability
XS Vulnerability - Failed.XSS Patch not detected (APPSEC-1716)
Apply the Magento 2.2.5/2.1.14 Security Update immediately.
Review your site for signs of compromise. Find more information about Security Best Practices.

Kindly assist

Heemin · February 8, 2021, 4:35pm

Hi Ramesh_Babu,

There is good documentation here:

I applied to my server and had no problems.

Best,
He’emin

Please follow the instruction depending on what server environment you are using (Nginx or apache)

Heemin · February 8, 2021, 4:46pm

This could be caused by a module you installed.
It most likely does not come from your Magento install since you are using 2.4.1.

Look at this:
https://github.com/mageplaza/module-core/issues/31

system · March 10, 2021, 4:46pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.