Script Src Integrity Check

Nessus Plugin ID 119811 (Severity: High)

Synopsis

Reports external script resources that are included without integrity checking.

Description

The remote host may be vulnerable to exfiltration of payment entry data, because it includes JavaScript from potentially untrusted and unverified third parties via script src attributes without Subresource Integrity (SRI) protection.

If the script host is controlled by a third party, ensure that the third party is PCI DSS compliant.

Solution

Set Subresource Integrity (SRI) checking on the target script (an integrity attribute carrying a sha256, sha384 or sha512 digest of the expected script body, together with the crossorigin attribute for cross-origin sources), or remove the target script.
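The following is an added example, not part of the plugin or of Tenable's code: it reproduces the plugin's check offline by listing cross-origin script tags that lack an integrity attribute, and it computes the SRI value a site operator would put on such a tag. The sample HTML, the host names and the page URL are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return the SRI integrity value ('sha384-<base64 digest>') for a script body."""
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI permits only sha256, sha384 or sha512")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


class _ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append(a)


def find_unprotected_scripts(html: str, page_url: str) -> list:
    """Return src values of cross-origin scripts carrying no (or an empty) integrity attribute."""
    page_host = urlparse(page_url).netloc.lower()
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = attrs["src"]
        host = urlparse(src).netloc.lower()  # empty for relative, same-origin URLs
        if host and host != page_host and not attrs.get("integrity"):
            findings.append(src)
    return findings


# Constructed sample page: one protected CDN script, one unprotected third-party
# tag, one same-origin script. The integrity value on the first tag is a placeholder.
SAMPLE_HTML = """
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//tags.example.org/pixel.js"></script>
<script src="/static/app.js"></script>
"""

if __name__ == "__main__":
    print(find_unprotected_scripts(SAMPLE_HTML, "https://shop.example.com/checkout"))
    print(sri_hash(b"console.log('hello');"))
```

Scanning a real page requires fetching its HTML and each script body first; the digest must be recomputed whenever the third party changes the script, otherwise the browser refuses to run it.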

See Also

http://www.nessus.org/u?c9e76c4f

https://www.w3.org/TR/SRI/

http://www.nessus.org/u?f39144f8

Plugin Details

Severity: High

ID: 119811

File Name: script_src_integrity.nasl

Version: 1.4

Type: remote

Family: Web Servers

Published: 12/20/2018

Updated: 5/11/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of vulnerability.

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N