Cross-Domain JavaScript Source File Inclusion

Home/Alerts/Alert detail/

Risk:
Low

Type:
Passive

CWE:
CWE-829

Summary: The page includes one or more script files from a third-party domain.

Solution: Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

Latest Security News

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)

NVIDIA shares fix for game performance issues with new NVIDIA App

'Bitter' cyberspies target defense orgs with new MiyaRAT malware

New fake Ledger data breach emails try to steal crypto wallets

CISA orders federal agencies to secure Microsoft 365 tenants

New critical Apache Struts flaw exploited to find vulnerable servers

Ireland fines Meta $264 million over 2018 Facebook data breach

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

Common Alerts

MediumBuffer Overflow

MediumApache Range Header DoS (CVE-2011-3192)

InformationalUser Controllable JavaScript Event (XSS)

MediumHTTPS to HTTP Insecure Transition in Form Post

InformationalVerification Request Identified

HighSQL Injection - MsSQL

HighLDAP Injection

LowCSP: X-WebKit-CSP

InformationalEmail address found in WebSocket message

HighPath Traversal

Top CVE List

CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability

CVE-2023-36884 Microsoft Windows Search Remote Code Execution Vulnerability

CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability

CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability

CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability

CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability

CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability

CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

Common CWEs

CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages

HighCWE-293 Using Referer Field for Authentication

CWE-782 Exposed IOCTL with Insufficient Access Control

CWE-710 Improper Adherence to Coding Standards

CWE-1271 Uninitialized Value on Reset for Registers Holding Security Settings

CWE-87 Improper Neutralization of Alternate XSS Syntax

CWE-695 Use of Low-Level Functionality

CWE-830 Inclusion of Web Functionality from an Untrusted Source

CWE-154 Improper Neutralization of Variable Name Delimiters

CWE-84 Improper Neutralization of Encoded URI Schemes in a Web Page

Free security scan for your website

Don't show website scan report rating on the leaderboard