if im visiiting this :  app=core&module=system&controller=serviceworker&v=6cc31f1c811676118426&type=front&loggedIn=true

im able to see code from browser

 

 

 

 

This is client-side JavaScript code. It's not a security vulnerability, it's supposed to be viewable by the client.

its service worker must be publicly available 🙂

Edited February 11, 20232 yr by SeNioR-