Malicious-Code-By-External-Sources/EN: Difference between revisions

From Siwecos
 
Line 1: Line 1:
 +
 
=== {{:{{PAGENAME}}/Headline}} ===
 
=== {{:{{PAGENAME}}/Headline}} ===
  

Latest revision as of 7 May 2020, 10:40

Check of JavaScript code for DOMXSS sources

If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.

Result positive: No unsafe code components for DOMXSS sources were recognized in an automatic check.
Result negative: Unsafe JavaScript code used (sources).
Description: During the check, at least one vulnerability was found on the web page that could be controlled by an external, potentially untrustworthy source.
Background: A potential vulnerability for your website is caused by loading files and code from unsafe or external sources. An attacker who controls the external source could upload malicious code, which could then be executed on your web page.
Consequence: Cross-site scripting allows criminals to store malicious code on your website. This code can infect your visitors or customers and thus cause severe harm, for example if the malicious code leads to the installation of ransomware in their company's network. In this case you could be held liable for the damage. IT security companies could list you on their index of dangerous websites and thus prevent access to your website for security reasons. The information that your website contains or contained malicious code can still be found by search engines, even many years after the malicious code was removed. If your website is listed on such a blacklist, you may no longer be able to receive or send emails, because your entire network and the IP would be rated as a security risk to others.
Solution/Tips: If unsafe JavaScript code was reported, the web application may be vulnerable to so-called DOMXSS attacks.

The check result can only be taken as an indication of security flaws. Further tests are necessary to confirm that there are vulnerabilities on the website.
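
The following added example (not the Siwecos scanner and not part of the original page) shows what a check for DOMXSS sources looks for in JavaScript, and why its result is only an indication. The source list, the sink list, the function name `scanSources` and the sample script are assumptions made for this illustration.

```javascript
// Added example, not the Siwecos scanner: flag DOM XSS sources line by line.
// Assumption: the source and sink lists below are commonly cited ones, not
// the lists the automatic check actually uses.
const SOURCE_RE = new RegExp(
  [
    String.raw`\b(?:(?:document|window)\.)?location\.(?:href|search|hash|pathname)\b`,
    String.raw`\bdocument\.(?:URL|documentURI|baseURI|referrer|cookie)\b`,
    String.raw`\bwindow\.name\b`,
  ].join("|"),
  "g"
);
// Sinks that parse their argument as HTML or code.
const SINK_RE =
  /\.(?:innerHTML|outerHTML)\s*=|\b(?:document\.write(?:ln)?|eval)\s*\(|\.insertAdjacentHTML\s*\(/;

// Constructed sample script (hypothetical page code, not from a real site).
const SAMPLE = [
  'var name = decodeURIComponent(location.hash.slice(1));',
  'document.getElementById("greeting").innerHTML = "Hi " + name;',
  'document.getElementById("ref").textContent = document.referrer;',
  '// location.search is mentioned only in this comment',
  'banner.innerHTML = window.name;',
].join("\n");

// Return one finding per source occurrence: line number, matched source,
// and whether an HTML/code sink appears on the same line (a heuristic only).
function scanSources(code) {
  const findings = [];
  code.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(SOURCE_RE)) {
      findings.push({ line: i + 1, source: m[0], sinkOnLine: SINK_RE.test(text) });
    }
  });
  return findings;
}

for (const f of scanSources(SAMPLE)) {
  const note = f.sinkOnLine ? " (HTML/code sink on same line)" : "";
  console.log(`line ${f.line}: ${f.source}${note}`);
}
```

Lines 3 and 4 of the sample are reported although one writes to `textContent` and the other is a comment, while line 2, where the value read on line 1 reaches `innerHTML`, contains no source and is not reported. Confirming a finding therefore means following the value from the source to the place where it is used.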