← Back to Findings

info Cross-Domain JavaScript Source File Inclusion

Details

Severityinfo
StatusOpen
Enginezap
Target URLhttps://easm.liifecore.com/events?domain&event_type&page=3&severity
First Seen2026-07-14 03:00:20 UTC
Last Seen2026-07-14 03:00:20 UTC
CWECWE-829

Description

The page includes one or more script files from a third-party domain.

Evidence

<script src="https://unpkg.com/htmx.org@1.9.10"></script>

Raw Output

{
  "alert": "Cross-Domain JavaScript Source File Inclusion",
  "alertRef": "10017",
  "attack": "",
  "confidence": "Medium",
  "cweid": "829",
  "description": "The page includes one or more script files from a third-party domain.",
  "evidence": "\u003cscript src=\"https://unpkg.com/htmx.org@1.9.10\"\u003e\u003c/script\u003e",
  "id": "158",
  "inputVector": "",
  "messageId": "239",
  "method": "GET",
  "name": "Cross-Domain JavaScript Source File Inclusion",
  "other": "",
  "param": "https://unpkg.com/htmx.org@1.9.10",
  "pluginId": "10017",
  "reference": "",
  "risk": "Low",
  "solution": "Ensure JavaScript source files are loaded from only trusted sources, and the sources can\u0027t be controlled by end users of the application.",
  "sourceMessageId": 239,
  "sourceid": "3",
  "tags": {
    "CWE-829": "https://cwe.mitre.org/data/definitions/829.html",
    "OWASP_2021_A08": "https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/",
    "POLICY_DEV_STD": "",
    "POLICY_PENTEST": "",
    "POLICY_QA_STD": "",
    "SYSTEMIC": "https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic"
  },
  "url": "https://easm.liifecore.com/events?domain\u0026event_type\u0026page=3\u0026severity",
  "wascid": "15"
}

Update Status