While your client's website may not collect or retain sensitive data, the concern would be that website visitors could still be affected if a malicious actor were to gain control of it or modify it in some way (such as redirecting people to a malicious page or forcing them to click on a bad link). This risk is present even on information-only websites or websites not connected to the internal network.
Therefore, these vulnerabilities are still valid, and the recommendation is for your client to remediate these vulnerabilities to ensure a malicious actor is not able to access and modify the website.
Comments
0 comments
Please sign in to leave a comment.