The src parameter for one script tag from this page is partially controlled by user input. This behavior can potentially lead to various security issues, in some cases it could be possible to conduct Reverse Clickjacking attacks.


Your script should properly sanitize user input. The user input should be properly escaped before being used to construct the script URL.

Related Vulnerabilities