User controllable script source

Description

The src parameter for one script tag from this page is dirrectly controlled by user input. An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.

Remediation

Your script should properly sanitize user input. Do not allow user-input to control script source location references.

Severity
Classification
Tags
  • XSS