SYM_GEN_0295 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
| Property | Value |
|---|---|
| Language | generic |
| Severity |  |
| CWE | CWE-353: Missing Support for Integrity Check |
| OWASP | A08:2021 - Software and Data Integrity Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
External <script> or tags in your HTML are missing the 'integrity' attribute, which means browsers can't verify that the files loaded from third-party sources haven't been tampered with. Without this check, your site could unknowingly load malicious code if those external files are compromised.
If an attacker compromises a third-party resource your site loads, they could inject malicious scripts (such as for phishing, stealing user data, or spreading malware) directly into your website. This puts both your users and your organization's reputation at risk, and may lead to XSS or broader security breaches.