I used a web vulnerability scanner to scan my web site. It indicates several links with "Cross domain Java script source file inclusion."
May I know how an attacker would exploit this type of vulnerability, exactly? For example, the JS in question comes from addthis.com (share buttons, etc.). For this exploit to work, the attacker has to exploit addthis.com, change their addthis.js, and then somehow, when my users browse my website, this modified addthis.js will be executed on my client's browser PC? Am I even on the right track?
If I wish to do remediation, what is the correct approach? Download the external domain JS to our side and run it from our web server? What other better and safer approach could there be? Thanks.
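
What the scanner finding refers to, as an added example that is not part of the original post: the script below lists every `<script src>` on a page that loads from a different origin and reports whether it is pinned with an `integrity` attribute. The sample HTML, the URLs and the function names are constructed for illustration; Subresource Integrity is a browser feature the post does not mention, included here as an assumption about what a pinned include looks like.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; the hosts and paths are illustrative only.
PAGE_URL = "https://www.example.org/index.html"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="//addthis.com/addthis.js" async></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script>var inline = 1;</script>
"""

def origin(url):
    """Return (scheme, host, port), the triple browsers compare for same-origin."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or {"http": 80, "https": 443}.get(u.scheme))

class ScriptAudit(HTMLParser):
    """Collect <script src=...> tags whose origin differs from the page's."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag != "script" or not src:
            return  # not a script, or an inline script with no external source
        full = urljoin(self.page_url, src.strip())  # resolves relative and // URLs
        if origin(full) != origin(self.page_url):
            self.findings.append({
                "src": full,
                "host": urlsplit(full).hostname,
                # Pinned: the browser refuses the file if its hash changes.
                "pinned": bool(attrs.get("integrity")),
            })

def audit(html, page_url):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    return parser.findings

def sri_value(data):
    """Value for integrity="..." computed over the exact bytes of a script file."""
    return "sha384-" + base64.b64encode(hashlib.sha384(data).digest()).decode()

if __name__ == "__main__":
    for f in audit(SAMPLE_HTML, PAGE_URL):
        print(f["host"], "pinned" if f["pinned"] else "NOT pinned", f["src"])
```

A pinned include only works when the third party serves a fixed, versioned file; a script that the provider changes in place will fail the hash check and stop loading.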