Home/Alerts/Alert detail/

Cross-Domain JavaScript Source File Inclusion

Risk:
Low

Type:
Passive

CWE:
CWE-829

Summary: The page includes one or more script files from a third-party domain.

Solution: Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

Top Security News

Content Credentials Technology Verifies Image, Video Authenticity

Windows Server 2025 released—here are the new features

Chinese hackers abuse Microsoft APP-v tool to evade antivirus

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Microsoft: Hackers steal emails in device code phishing attacks

PirateFi game on Steam caught installing password-stealing malware

Expert Tips on How to Spot a Phishing Link

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

InformationalInformation Disclosure - Suspicious Comments

MediumAbsence of Anti-CSRF Tokens

MediumContent Security Policy (CSP) Header Not Set

LowCross-Domain JavaScript Source File Inclusion

InformationalModern Web Application

HighPII Disclosure

InformationalRe-examine Cache-control Directives

Top CVE List

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability

CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability

CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

Top CWE List

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-693 Protection Mechanism Failure

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1426 Improper Validation of Generative AI Output

MediumCWE-352 Cross-Site Request Forgery (CSRF)

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-284 Improper Access Control

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

Free online web security scanner

Don't show website scan report rating on the leaderboard