Node.Security

Security Audit of TermKit

ISGroup SRL performed an automated code review (not a real static analysis, more a grep on steroids) of this Node.js project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and there are certainly plenty of false positives and false negatives (undetected issues), but it's free and your project could benefit from this security analysis. The following data is also available in JSON format!

Possible Security Issues
Issue Description Line File
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 55 Node/test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 60 Node/test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 81 Node/test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 86 Node/test.js
Remote OS Command Execution User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. 1 Node/misc.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 82 Node/misc.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 92 Node/misc.js
Remote OS Command Execution User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. 4 Node/shell/shell.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 31 HTML/termkit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 37 HTML/termkit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 416 HTML/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 448 HTML/jquery.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 562 HTML/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 925 HTML/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1716 HTML/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1832 HTML/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7300 HTML/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8227 HTML/jquery.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8366 HTML/jquery.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6 HTML/commandview/iknowthis.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 26 HTML/commandview/iknowthis.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 316 HTML/tokenfield/token.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 401 HTML/tokenfield/token.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 411 HTML/outputview/outputfactory.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 408 HTML/external/jquery-ui/development-bundle/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 440 HTML/external/jquery-ui/development-bundle/jquery-1.5.1.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 552 HTML/external/jquery-ui/development-bundle/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1079 HTML/external/jquery-ui/development-bundle/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1724 HTML/external/jquery-ui/development-bundle/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6760 HTML/external/jquery-ui/development-bundle/jquery-1.5.1.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7780 HTML/external/jquery-ui/development-bundle/jquery-1.5.1.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 972 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.sortable.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 64 HTML/external/jquery-ui/development-bundle/ui/jquery.effects.explode.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 97 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.autocomplete.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 128 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.autocomplete.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 148 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.autocomplete.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 160 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.autocomplete.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 185 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.autocomplete.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 66 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 635 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4112 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4925 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4956 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4976 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4988 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5013 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5463 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Key Hardcoded A hardcoded key in plain text was identified. 6413 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6559 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8104 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8290 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8860 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 9018 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11069 HTML/external/jquery-ui/development-bundle/ui/jquery-ui-1.8.12.custom.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 23 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.button.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 719 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.tabs.js
Key Hardcoded A hardcoded key in plain text was identified. 590 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.dialog.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 736 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.dialog.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 147 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.datepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 717 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.datepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 875 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.datepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 66 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.core.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 65 HTML/external/jquery-ui/development-bundle/ui/jquery.ui.mouse.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 34 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.tabs.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 37 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.dialog.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.autocomplete.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 17 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.autocomplete.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 18 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.autocomplete.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 19 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.autocomplete.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 17 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.datepicker.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 42 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.datepicker.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 48 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.datepicker.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.mouse.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.core.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 15 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.effects.explode.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 55 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.sortable.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14 HTML/external/jquery-ui/development-bundle/ui/minified/jquery.ui.button.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 101 HTML/external/jquery-ui/development-bundle/external/jquery.metadata.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 294 HTML/external/jquery-ui/development-bundle/external/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 312 HTML/external/jquery-ui/development-bundle/external/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 565 HTML/external/jquery-ui/development-bundle/external/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 685 HTML/external/jquery-ui/development-bundle/external/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 46 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 265 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 316 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 317 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 318 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 319 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 346 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 394 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 464 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 482 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 507 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 513 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 665 HTML/external/jquery-ui/js/jquery-ui-1.8.12.custom.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16 HTML/external/jquery-ui/js/jquery-1.5.1.min.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16 HTML/external/jquery-ui/js/jquery-1.5.1.min.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16 HTML/external/jquery-ui/js/jquery-1.5.1.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 17 HTML/external/syntaxhighlighter_3.0.83/scripts/shCore.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 17 HTML/external/syntaxhighlighter_3.0.83/scripts/shAutoloader.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 17 HTML/external/syntaxhighlighter_3.0.83/scripts/shLegacy.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 381 HTML/external/syntaxhighlighter_3.0.83/tests/js/jquery-1.4.2.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 513 HTML/external/syntaxhighlighter_3.0.83/tests/js/jquery-1.4.2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 769 HTML/external/syntaxhighlighter_3.0.83/tests/js/jquery-1.4.2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1196 HTML/external/syntaxhighlighter_3.0.83/tests/js/jquery-1.4.2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5242 HTML/external/syntaxhighlighter_3.0.83/tests/js/jquery-1.4.2.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5769 HTML/external/syntaxhighlighter_3.0.83/tests/js/jquery-1.4.2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 243 HTML/external/syntaxhighlighter_3.0.83/tests/js/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 312 HTML/external/syntaxhighlighter_3.0.83/tests/js/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 330 HTML/external/syntaxhighlighter_3.0.83/tests/js/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 508 HTML/external/syntaxhighlighter_3.0.83/tests/js/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 601 HTML/external/syntaxhighlighter_3.0.83/tests/js/qunit.js
Missing Security Features
Issue Description
Missing Security Header - X-Frame-Options (XFO) X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP) Content Security Policy (CSP) is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). The CSP header was not found.
Use Strict Strict Mode allows you to place a program, or a function, in a "strict" operating context. This strict context prevents certain actions from being taken and throws more exceptions.
Missing Security Header - Strict-Transport-Security (HSTS) Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Missing 'httpOnly' in Cookie JavaScript can access Cookies if they are not marked httpOnly.
Information Disclosure - X-Powered-By Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1 X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP) Public-Key-Pins (HPKP) ensures that the certificate is pinned.
Outdated Libraries
File Library Reference