When applications respond to our HTTP requests they include information about the response, how the browser should handle the response (i.e. avoid unsafe javascript) and also with some information about the server. Some applications out there advertise their
Using the Network tab in your browser's developer tools, can you find out what insecure version of software this page is (pretending to be) running on?
Your next challenge is to find a vulnerability a CVSS score of 9.8 (any of the 3 is fine).