Vulnerability in Third-party components


In web app vulnerability scanning, vulnerabilities in third-party components are always missed by scanners because the components reside on off-site domains.

There have been XSS vulnerabilities identified:

Lesson Learnt:

Manual testing and review of third-party components are necessary to detect vulnerabilities. It's not worth leaking security flaws through buggy third-party components.
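Manual review starts with knowing which off-site components a page actually loads. The following is an added example, not code from the original post: it inventories the off-site scripts, frames, embedded objects and stylesheets referenced by a page's HTML, grouped by host, and notes whether each carries a Subresource Integrity attribute. The page URL, host names and HTML are constructed placeholders.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull a component into the page, and the attribute holding its URL.
COMPONENT_ATTRS = {"script": "src", "iframe": "src", "embed": "src",
                   "object": "data", "link": "href"}

class ComponentInventory(HTMLParser):
    """Collect off-site components referenced by one page, grouped by host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.offsite = defaultdict(list)  # host -> [(tag, absolute URL, has SRI)]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get(COMPONENT_ATTRS.get(tag, ""))
        if not ref:
            return
        # Only stylesheet <link>s load a component; skip icons, canonical, etc.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = urljoin(self.page_url, ref)  # resolves relative and //host/ forms
        host = urlsplit(url).hostname
        if host and host != self.page_host:
            self.offsite[host].append((tag, url, "integrity" in attrs))

def offsite_components(page_url, html):
    """Return {host: [(tag, url, has_sri), ...]} for components not on page_url's host."""
    parser = ComponentInventory(page_url)
    parser.feed(html)
    return dict(parser.offsite)

# Constructed sample page; every host name here is a placeholder.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="//cdn.widgets.example/chat/v2/loader.js"></script>
<link rel="stylesheet" href="https://cdn.widgets.example/chat/v2/chat.css" integrity="sha384-PLACEHOLDER">
<iframe src="https://pay.vendor.example/frame?merchant=123"></iframe>
<a href="https://other.example/">plain link, not a component</a>
"""

if __name__ == "__main__":
    for host, items in sorted(offsite_components(SAMPLE_URL, SAMPLE_HTML).items()):
        for tag, url, sri in items:
            print(f"{host}\t<{tag}>\tSRI={'yes' if sri else 'no'}\t{url}")
```

The resulting host list is the set of components that a scan scoped to the application's own domain will not cover, and so the list to review by hand.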

