info Cross-Domain JavaScript Source File Inclusion
Details
| Severity | info |
|---|---|
| Status | Open |
| Engine | zap |
| Target URL | https://easm.liifecore.com/domains/722a80b6-16c5-4fad-913a-8a612800ade0/deactivate |
| First Seen | 2026-07-14 03:00:20 UTC |
| Last Seen | 2026-07-14 03:00:20 UTC |
| CWE | CWE-829 |
Description
The page includes one or more script files from a third-party domain.
Evidence
<script src="https://unpkg.com/htmx.org@1.9.10"></script>
Raw Output
{
"alert": "Cross-Domain JavaScript Source File Inclusion",
"alertRef": "10017",
"attack": "",
"confidence": "Medium",
"cweid": "829",
"description": "The page includes one or more script files from a third-party domain.",
"evidence": "\u003cscript src=\"https://unpkg.com/htmx.org@1.9.10\"\u003e\u003c/script\u003e",
"id": "225",
"inputVector": "",
"messageId": "263",
"method": "POST",
"name": "Cross-Domain JavaScript Source File Inclusion",
"other": "",
"param": "https://unpkg.com/htmx.org@1.9.10",
"pluginId": "10017",
"reference": "",
"risk": "Low",
"solution": "Ensure JavaScript source files are loaded from only trusted sources, and the sources can\u0027t be controlled by end users of the application.",
"sourceMessageId": 263,
"sourceid": "3",
"tags": {
"CWE-829": "https://cwe.mitre.org/data/definitions/829.html",
"OWASP_2021_A08": "https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/",
"POLICY_DEV_STD": "",
"POLICY_PENTEST": "",
"POLICY_QA_STD": "",
"SYSTEMIC": "https://www.zaproxy.org/docs/desktop/addons/common-library/alerttags/#systemic"
},
"url": "https://easm.liifecore.com/domains/722a80b6-16c5-4fad-913a-8a612800ade0/deactivate",
"wascid": "15"
}