Description
The src parameter for one script tag from this page is dirrectly controlled by user input. An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.
Remediation
Your script should properly sanitize user input. Do not allow user-input to control script source location references.
References
OWASP - Cross Site Scripting (XSS)
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Related Vulnerabilities
WordPress Plugin Frontend Uploader Cross-Site Scripting (0.9.2)
WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6)
WordPress Plugin Agent Storm by StormRETS Multiple Cross-Site Scripting Vulnerabilities (1.1.35)
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.3.8)