Details
Alert Id 10017
Alert Type Passive
Status release
Risk Low
CWE 829
WASC 15
Tags OWASP_2021_A08

Summary

The page includes one or more script files from a third-party domain.

Solution

Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

References

Code

org/zaproxy/zap/extension/pscanrules/CrossDomainScriptInclusionScanRule.java