Details
Alert Id 10017
Alert Type Passive Scan Rule
Status release
Risk
CWE
WASC

Summary

The page includes one or more script files from a third-party domain.

Solution

Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

References

Code

org/zaproxy/zap/extension/pscanrules/CrossDomainScriptInclusionScanRule.java