Cross-Domain JavaScript Source File Inclusion

Home/Alerts/Alert detail/

Risk:
Low

Type:
Passive

CWE:
CWE-829

Summary: The page includes one or more script files from a third-party domain.

Solution: Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

Top Security News

Download: CIS Critical Security Controls v8.1

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Hackers now use AppDomain Injection to drop CobaltStrike beacons

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Critical Veeam RCE bug now used in Frag ransomware attacks

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

Palo Alto Networks warns of potential PAN-OS RCE vulnerability

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

Common Alerts

MediumCSP: Meta Policy Invalid Directive

MediumProxy Disclosure

InformationalInformation Disclosure - JWT in Browser sessionStorage

InformationalVerification Request Identified

LowPrivate IP Disclosure via WebSocket

InformationalSec-Fetch-Site Header Has an Invalid Value

MediumCSP: script-src unsafe-hashes

LowStrict-Transport-Security Header Not Set

HighSQL Injection - MySQL

MediumBypassing 403

Latest CVE List

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability

CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal Vulnerability

CVE-2024-5910 Palo Alto Networks Expedition Missing Authentication Vulnerability

CVE-2024-43093 Android Framework Privilege Escalation Vulnerability

CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability

Common CWEs

CWE-162 Improper Neutralization of Trailing Special Elements

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

CWE-238 Improper Handling of Incomplete Structural Elements

CWE-1293 Missing Source Correlation of Multiple Independent Data

CWE-52 Path Equivalence: '/multiple/trailing/slash//'

HighCWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

CWE-405 Asymmetric Resource Consumption (Amplification)

CWE-767 Access to Critical Private Variable via Public Method

CWE-24 Path Traversal: '../filedir'

CWE-794 Incomplete Filtering of Multiple Instances of Special Elements

Free security scan for your website

Don't show website scan report rating on the leaderboard