Magento Security Scan Report

Below are the 2 failed check in Magento Security scan report how to fix it
Note: 1. i have installed Magento in /var/www/html
2. my current version of Magento is 2.4.1
1.FAIL
Vulnerability
Magento /pub/
Your Web server is configured to run Magento from %MAGENTO_ROOT% directory.It is recommended to set %MAGENTO_ROOT%/pub as a Web server root directory.
Follow Security Best Practices.
2. FAIL
Patch
XS Vulnerability
XS Vulnerability - Failed.XSS Patch not detected (APPSEC-1716)
Apply the Magento 2.2.5/2.1.14 Security Update immediately.
Review your site for signs of compromise. Find more information about Security Best Practices.

Kindly assist

Hi Ramesh_Babu,

There is good documentation here:

I applied to my server and had no problems.

Best,
Heā€™emin

Please follow the instruction depending on what server environment you are using (Nginx or apache)

This could be caused by a module you installed.
It most likely does not come from your Magento install since you are using 2.4.1.

Look at this: