Web Server CSS Hosted on 3rd-party Server

info Nessus Network Monitor Plugin ID 5800

Synopsis

The remote web server utilizes Cascading Style Sheets (CSS) on it's pages.

Description

The remote web server utilizes Cascading Style Sheets (CSS) on its pages. Further, the web server seems to be using CSS from an external source. This can be a risk in that script code can be embedded within the CSS which would potentially execute within the user browser.

Solution

Ensure that loading client-side CSS from a 3rd party is authorized with respect to policies and guidelines.

Plugin Details

Severity: Info

ID: 5800

Family: Policy

Published: 2/23/2011

Updated: 6/1/2015