Description
The src parameter for one script tag from this page is dirrectly controlled by user input. An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.
Remediation
Your script should properly sanitize user input. Do not allow user-input to control script source location references.
References
OWASP - Cross Site Scripting (XSS)
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Related Vulnerabilities
WordPress Plugin WP Elegant Testimonial Cross-Site Scripting (1.1.6)
WordPress Plugin User Activation Email Cross-Site Scripting (1.3.0)
WordPress Plugin DSGVO All in one for WP Cross-Site Scripting (4.1)
WordPress Plugin WP-Lister Lite for eBay Cross-Site Scripting (2.0.8.3)
WordPress Plugin WP Server Log Viewer Cross-Site Scripting (1.0)