🔥 3-day streak
CompTIA PenTest+ (PT0-003)137 / 175
Question 137 of 175

During a web application assessment, your automated scanner flags two findings on the same target: (1) a reflected XSS in a search parameter rated Medium, and (1) 'Apache HTTP Server 2.4.29 - Multiple Vulnerabilities' rated Critical, based solely on the Server response header. The client's change records show the web tier was migrated to Nginx six months ago, sitting behind a reverse proxy. What is the most appropriate next step before including these in the report?

Reviewed for accuracy · Report an issueNext question