
A third-party analytics script your team included in the marketing site is flagged as serving malicious JS. How do you respond?

Expected Points

  • Immediately remove or block the malicious script tag (emergency deploy or CDN rule) to stop ongoing exfiltration. (3 points)
  • Rotate or invalidate all active session tokens to limit the blast radius of any already-stolen cookies. (3 points)
  • Determine the exposure window: when was the script tampered with, and which user sessions were active? Check CDN logs and the script provider's incident report. (2 points)
  • Notify affected users per your breach-notification obligations and inform legal/compliance of potential regulatory requirements. (2 points)
  • Add Subresource Integrity (SRI) hashes for all third-party scripts and tighten your CSP to block unauthorised origins. (2 points)
  • Conduct a supply-chain review: audit all third-party scripts, establish a periodic hash-pinning process, and evaluate self-hosting critical scripts. (1 point)

Supply-chain XSS incidents require fast containment (remove the script), blast-radius assessment, user communication, and root-cause analysis of how the dependency was approved.
