Script Src Integrity Check

High Nessus Plugin ID 119811


Report external script resources not using integrity.


The remote host may be vulnerable to payment entry data exfiltration due to javascript included from potentially untrusted and unverified third parties script src.

If the host is controlled by a 3rd party, ensure that the 3rd party is PCI DSS compliant.


Set script integrity checking on target script or remove target script.

See Also

Plugin Details

Severity: High

ID: 119811

File Name: script_src_integrity.nasl

Version: 1.3

Type: remote

Family: Web Servers

Published: 2018/12/20

Updated: 2019/03/27

Dependencies: 10662

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: Score based on analysis of vulnerability.

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:N

CVSS v3.0

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N