Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
User controllable script source - Vulnerability Database

User controllable script source

Description

The src parameter for one script tag from this page is dirrectly controlled by user input. An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.

Remediation

Your script should properly sanitize user input. Do not allow user-input to control script source location references.

References

OWASP - Cross Site Scripting (XSS)
CWE-829: Inclusion of Functionality from Untrusted Control Sphere

Related Vulnerabilities

Adobe Coldfusion 8 multiple linked XSS vulnerabilies High
Common tags: XSS
WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.13) High
Common tags: XSS
WordPress Plugin WordPress Appointment Booking and Online Scheduling by Appointy Cross-Site Scripting (2.40) High
Common tags: XSS
WordPress Plugin WordPress Colorbox Lightbox Cross-Site Scripting (1.1.2) High
Common tags: XSS
WordPress Plugin WordPress fancyBox Lightbox Cross-Site Scripting (1.0.1) High
Common tags: XSS

Severity

High

Classification

CWE-79
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N

Tags

XSS