The software imports, requires, or includes executable
					functionality (such as a library) from a source that is outside of the intended
					control sphere. When including third-party functionality, such as a web widget, library,
						or other source of functionality, the software must effectively trust that
						functionality. Without sufficient protection mechanisms, the functionality
						could be malicious in nature (either by coming from an untrusted source,
						being spoofed, or being modified in transit from a trusted source). The
						functionality might also contain its own weaknesses, or grant access to
						additional functionality and state information that should be kept private
						to the base system, such as system state information, sensitive application
						data, or the DOM of a web application.This might lead to many different consequences depending on the included
						functionality, but some examples include injection of malware, information
						exposure by granting excessive privileges or permissions to the untrusted
						functionality, DOM-based XSS vulnerabilities, stealing user's cookies, or
						open redirect to malware (CWE-601).