Input Validation Error High Possibility of server-side code execution if code from remote server is run. Compromise of user sessions or data. Phishing, social engineering. The developer should investigate the reason why the server is fetching remote content and embedding it in the page. In particular, the feasibility of server-side code execution should be determined. Vega has determined that content from a client-specified location is being retrieved by the server and output. In some circumstances, code included in this content will be executed by the server. If this is possible, an attacker may be able to gain unauthorized access to the server. Minimally, the inclusion of content originating on a third-party server introduces the possibility of phishing or social engineering attacks. Remote File Inclusion (Wikipedia)