Invalid Subresource Integrity

medium Web Application Scanning Plugin ID 98649


Invalid Subresource Integrity


Subresource Integrity (SRI) is a web security standard that enables browsers to verify that resources hosted by third parties (CDN for example) are delivered without unexpected manipulation.

SRI works by comparing a cryptographic hash declared in the integrity attribute of the resource tag (like script or link) used to fetch the resource and the calculated hash value of this resource.

A mismatch between integrity attribute hash and calculated hash has been detected for one or more resources.


Check if third party resources have been modified. If it's a legitimate modification then update the integrity attribute, if not do not continue to use the third party resources.

See Also

Plugin Details

Severity: Medium

ID: 98649

Type: remote

Published: 8/7/2019

Updated: 11/26/2021

Scan Template: scan, pci, overview

Risk Information


Risk Factor: Medium

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: Tenable


Risk Factor: Medium

Base Score: 4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CVSS Score Source: Tenable

Vulnerability Information

Patch Publication Date: 8/1/2019

Vulnerability Publication Date: 8/1/2019

Reference Information