SYM_GEN_0063 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Property | Value |
---|---|
Language | generic |
Severity | |
CWE | CWE-346: Origin Validation Error |
OWASP | A07:2021 - Identification and Authentication Failures |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Including JavaScript or CSS from a CDN without using the 'integrity' attribute on `<script>` or `<link>` tags means your application can't verify whether the external resource has been tampered with. This exposes users to the risk of loading malicious or altered code if the CDN is compromised.
If an attacker manages to modify the CDN-hosted file, your users could unknowingly execute harmful scripts, leading to data theft, account compromise, or further attacks on your application. This can result in loss of user trust, data breaches, and potential legal or compliance issues.
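The check described above can be sketched as follows. This is an added example, not the rule's own implementation: it flags externally hosted `<script>` and stylesheet `<link>` tags that have no `integrity` attribute and computes the value to put in that attribute. The function names, the `cdn.example` host and the sample page are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Value for the integrity attribute: '<alg>-<base64 of raw digest>'."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"


class MissingSRIFinder(HTMLParser):
    """Collects external scripts and stylesheets loaded without integrity."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            url = a.get("src", "")
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            url = a.get("href", "")
        else:
            return
        # A host part means absolute (https://...) or protocol-relative (//...);
        # same-site relative paths such as /static/app.js are not flagged.
        if urlparse(url).netloc and not a.get("integrity", "").strip():
            self.findings.append((self.getpos()[0], tag, url))


def find_missing_sri(html: str):
    finder = MissingSRIFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: two findings expected (lines 2 and 3).
SAMPLE = """<html><head>
<script src="https://cdn.example/lib.js"></script>
<link rel="stylesheet" href="//cdn.example/site.css">
<script src="https://cdn.example/ok.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
</head></html>"""

if __name__ == "__main__":
    for line, tag, url in find_missing_sri(SAMPLE):
        print(f"line {line}: <{tag}> loads {url} without integrity")
```

To fix a finding, run `sri_hash` over the exact bytes of the file version you reviewed and add the result as `integrity="..."` together with `crossorigin="anonymous"` on the tag; the browser then refuses to use the resource if its content no longer matches.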