Description
The src parameter for one script tag from this page is dirrectly controlled by user input. An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.
Remediation
Your script should properly sanitize user input. Do not allow user-input to control script source location references.
References
OWASP - Cross Site Scripting (XSS)
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Related Vulnerabilities
WordPress Plugin Job Manager Cross-Site Scripting (0.7.22)
WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Scripting (14.1.7)
WordPress Plugin WP Customer Reviews Cross-Site Scripting (3.4.2)
WordPress Plugin File Manager Cross-Site Scripting (7.0)
WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.1.3)