Security Misconfiguration

Community Beginner, Oct 17, 2023

We are using the following script tag for ViewerSDK in the index.html file of our application:

<script type='text/javascript' src='https://documentservices.adobe.com/view-sdk/viewer.js'></script>

But a security risk has been found at this line, with the following details:
Description: Javascript files can be imported dynamically from remote hosts when they are embedded into HTML. However, this reliance on a remote host for these scripts may diminish security, as web-application's users are only ever as secure as the remote host serving these Javascript files.
 
Impact: An externally imported Javascript file may leave users vulnerable to attack - if the Javascript's host is compromised, if communications with the host are intercepted or if the host itself is not trustworthy, then the contents of the Javascript file may change to have malicious code, which could result in a Cross-Site Scripting (XSS) attack.
 
Remediation Recommendation: Where possible, host all script files locally, rather than remotely. Ensure that locally hosted 3rd party script files are constantly updated and maintained.
 
Is there a way I can download the concerned SDK, keep it locally and host it locally?
We need to fix this security vulnerability.
TOPICS: Bug, General, How to, PDF Embed API

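The check behind the finding quoted in the post above can be reproduced before a release by listing every script tag in index.html and classifying where it loads from. This is an added example, not part of the original post and not Adobe's code: the sample page is constructed (only the viewer.js tag comes from the post), audit_scripts and own_hosts are hypothetical names, and the integrity field (whether the tag carries a Subresource Integrity hash) goes beyond what the scanner text mentions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page: the viewer.js tag is the one quoted in the post,
# the other two tags are made up for contrast.
SAMPLE_INDEX_HTML = """<!doctype html>
<html><head>
<script type='text/javascript' src='https://documentservices.adobe.com/view-sdk/viewer.js'></script>
<script src="/static/app.js"></script>
<script src="http://cdn.example.test/widget.js"></script>
</head><body></body></html>"""


class ScriptSrcCollector(HTMLParser):
    """Collects the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)  # HTMLParser already lowercases tag and attribute names
        if tag == "script" and attr.get("src"):
            self.scripts.append(attr)


def audit_scripts(html, own_hosts=()):
    """Return one finding per <script src>: where it loads from and how."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for attr in collector.scripts:
        url = urlsplit(attr["src"].strip())
        host = (url.hostname or "").lower()
        if not host or host in own_hosts:
            kind = "local"             # relative path, or a host we operate (assumption)
        elif url.scheme == "https":
            kind = "remote-https"      # trust rests on the remote host
        else:
            kind = "remote-not-https"  # http://, or //host inheriting the page's scheme
        findings.append({"src": attr["src"], "host": host, "kind": kind,
                         "integrity": "integrity" in attr})
    return findings


if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_INDEX_HTML):
        print(f"{f['kind']:16} integrity={f['integrity']!s:5} {f['src']}")
```

Anything not reported as local is a script whose content is decided by another host at load time, which is the condition the scanner description refers to.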
Community Beginner, Oct 29, 2023

Can someone please provide some insights into this issue?

Thanks in advance 🙂
