Description

This web application contains resources (scripts or frames) that are loaded from a non-resolving (potentially expired) domain. At attacker can potentially register the expired domain and serve malicious HTML or JavaScript code (hijacking the resource).

Remediation

Replace the scripts/frames that are loaded from non-resolving domains with new links that are pointing to valid domains.

References

Broken Link Hijacking

Related Vulnerabilities

Harbor Unauthorized Access Vulnerability

Gitlab user disclosure

default-src Used in Content Security Policy (CSP)

TorchServe Management API publicly exposed

Tornado weak secret key

Severity

Low

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:L/SA:N

Tags

Configuration