Security vulnerabilities in a SharePoint 2013 public website

Updated: 1970-01-01 07:54:36

Is your SharePoint public site well guarded and protected by SSL certificates? If yes, your risk assessment on manipulating the session and cookies will not be possible.

And also, user context won't be there if you enabled "anonymous" access on this site, so an impersonation situation won't arise on the site.

Are you exposing some user records on the public site? Then it shouldn't be. Maybe you have embedded the List or Document Library web part on the public website, and consequently security trimming is happening on your public site. If yes, please remove the List View web part from the page.

And also, I am suspecting the testing scenario for injecting the script into the page: the tester might have performed these testing activities as an authenticated user; that's why the site is responding and executing the script.
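Two of the points in the answer above can be confirmed directly from a proxy capture: whether the cookies the site sets carry the Secure and HttpOnly attributes on top of the TLS transport, and whether the request that carried the script payload was sent with an authenticated user context rather than anonymously. The Python below is an added example, not code from the original answer or from SharePoint; it parses a constructed response and request and reports both. The cookie names FedAuth, rtFa and ASP.NET_SessionId that it treats as session or auth cookies are an assumption about what a SharePoint 2013 site may set, and the sample headers are constructed for the example.

```python
"""Audit a captured HTTP exchange for session-cookie attributes and for signs
of an authenticated user context. Added example, not the answer's own code.
Assumptions: FedAuth, rtFa and ASP.NET_SessionId are the session/auth cookie
names to look for; the response and request text are constructed."""
import re
from dataclasses import dataclass

# Cookies treated as carrying session or authentication state (assumption).
SESSION_COOKIE_NAMES = {"fedauth", "rtfa", "asp.net_sessionid"}

# Constructed response, as captured from an intercepting proxy.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIj8+; path=/; HttpOnly\r\n"
    "Set-Cookie: ASP.NET_SessionId=xk2t5e3cfsz1; path=/; secure; HttpOnly\r\n"
    "Set-Cookie: WSS_FullScreenMode=false; path=/\r\n"
    "Cache-Control: private\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed request: the one a tester sent with a script payload in a form field.
SAMPLE_REQUEST = (
    "POST /Pages/Contact.aspx HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Cookie: WSS_FullScreenMode=false; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIj8+\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
)


@dataclass(frozen=True)
class CookieReport:
    name: str
    secure: bool
    httponly: bool

    def missing(self) -> list:
        """Attributes a session cookie should carry but does not (empty for others)."""
        if self.name.lower() not in SESSION_COOKIE_NAMES:
            return []
        return [flag for flag, present in (("Secure", self.secure), ("HttpOnly", self.httponly))
                if not present]


def header_lines(raw: str) -> list:
    """Header block of a raw HTTP message (request or response) as a list of lines."""
    return re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0].splitlines()


def parse_set_cookie(value: str) -> CookieReport:
    """Parse one Set-Cookie header value; attribute names are case-insensitive."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieReport(name=name, secure="secure" in attrs, httponly="httponly" in attrs)


def audit_response(raw_response: str) -> list:
    """All cookies set by a response, in order, with their attribute flags."""
    reports = []
    for line in header_lines(raw_response):
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == "set-cookie":
            reports.append(parse_set_cookie(val))
    return reports


def weak_session_cookies(raw_response: str) -> dict:
    """Map session-cookie name -> list of missing attributes; only cookies with gaps."""
    return {r.name: r.missing() for r in audit_response(raw_response) if r.missing()}


def request_cookie_names(raw_request: str) -> list:
    """Names of the cookies a request sent."""
    names = []
    for line in header_lines(raw_request):
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == "cookie":
            names.extend(p.split("=", 1)[0].strip() for p in val.split(";") if p.strip())
    return names


def sent_with_auth_context(raw_request: str) -> bool:
    """True if the request carried a session/auth cookie, i.e. the tester was not anonymous."""
    return any(n.lower() in SESSION_COOKIE_NAMES for n in request_cookie_names(raw_request))


if __name__ == "__main__":
    for name, gaps in weak_session_cookies(SAMPLE_RESPONSE).items():
        print(f"{name}: missing {', '.join(gaps)}")
    print("payload request was authenticated:", sent_with_auth_context(SAMPLE_REQUEST))
```

Run against a real capture, the first report tells you which session cookies a browser would still send over a plain-HTTP request to the same host; the second tells you whether the script-injection test was performed with an authenticated cookie in the request, which is exactly the question the last paragraph of the answer raises.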