Description

This web application contains resources (scripts or frames) that are loaded from a non-resolving (potentially expired) domain. At attacker can potentially register the expired domain and serve malicious HTML or JavaScript code (hijacking the resource).

Remediation

Replace the scripts/frames that are loaded from non-resolving domains with new links that are pointing to valid domains.

References

Broken Link Hijacking

Related Vulnerabilities

Web Cache Poisoning via POST Request

Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28

Cookies Not Marked as HttpOnly

[Possible] Password Transmitted over Query String

The POODLE attack (SSLv3 with CBC cipher suites)

Severity

Low

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:N

Tags

Configuration