The application is vulnerable to cross site script inclusion. The application uses a library hosted on a third-party domain. These third-party scripts are not controlled by the organization and they execute in the context of the current domain and with privileges of existing scripts. Attackers who have compromised the third-party host can bypass same origin policies and execute attacks against the application.
Since the externally-hosted script is not controlled by the organization, changes can be made that affect the security and functionality of the application. If an attacker can compromise the third party and inject malicious code into the script, they can attack users of the application. A third-party malicious script will execute with the same privileges as local scripts such as accessing application data and performing actions available to the current user. Third-party scripts may also lead to a disclosure of sensitive information as the third-party organization will have access to application requests for the scripts which include HTTP headers and potentially information about resources being requested by users. There is also the risk that changes in the third-party scripts could impact the application causing downtime or improper or unexpected behavior.
How To Test
Sample Report Screenshots
Time Saving Tips