
Test ID: 1.3.6.1.4.1.25623.1.0.114685
Category: Malware
Title: Web Application using Malicious polyfill.io CDN (HTTP)
Summary: This script reports if a web page of the remote host is integrating JavaScript (.js) files hosted on the malicious polyfill.io CDN (or any affiliated domain provided by the same new owner).
Description: Summary:
This script reports if a web page of the remote host is
integrating JavaScript (.js) files hosted on the malicious polyfill.io CDN (or any affiliated
domain provided by the same new owner).

Vulnerability Insight:
- In June 2024 it was determined that the new owner of the
popular Polyfill JS project injects malware into more than 100k sites embedding JavaScript from
this CDN

- The same owner has been observed since at least June 2023 to spread malware via additional
domains (checked by this script) as well

Note: The following products are known to use the malicious domain by default and thus the
relevant CVEs have been added to this script:

- CVE-2024-38526: pdoc

- CVE-2024-38537: Fides

Vulnerability Impact:
Malicious payloads are shipped in the form of malware to users
of the affected web page, which allows multiple attack vectors such as redirecting the user to
phishing sites or similar.

Solution:
Replace the malicious JavaScript reference with a trustworthy
alternative. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2024-38526
Common Vulnerability Exposure (CVE) ID: CVE-2024-38537
Copyright: Copyright (C) 2024 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.