Webogram Code Review

ISGroup SRL performed an automated Code Review (not a real Static Analysis, more a grep-on-steroid) of this NodeJS project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and for sure there are plenty of false-positives and false-negatives (undetected issues) but it's free and your project could benefit from this security analisys. The following data is also available in JSON format!

Possible Security Issues

Issue	Description	Line	File
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	913	app/vendor/jquery.nanoscroller/nanoscroller.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	455	app/vendor/clipboard/clipboard.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	318	app/vendor/ui-bootstrap/ui-bootstrap-custom-tpls-0.12.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	476	app/vendor/ui-bootstrap/ui-bootstrap-custom-tpls-0.12.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	479	app/vendor/ui-bootstrap/ui-bootstrap-custom-tpls-0.12.0.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	434	app/vendor/angular-media-player/angular-media-player.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	11	app/vendor/bootstrap/js/bootstrap.min.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	11	app/vendor/bootstrap/js/bootstrap.min.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	146	app/vendor/bootstrap/js/bootstrap.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	272	app/vendor/bootstrap/js/bootstrap.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	361	app/vendor/bootstrap/js/bootstrap.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	990	app/vendor/bootstrap/js/bootstrap.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1010	app/vendor/bootstrap/js/bootstrap.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1623	app/vendor/bootstrap/js/bootstrap.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2100	app/vendor/bootstrap/js/bootstrap.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	115	app/vendor/jquery.emojiarea/jquery.emojiarea.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	382	app/vendor/jquery.emojiarea/jquery.emojiarea.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	417	app/vendor/jquery.emojiarea/jquery.emojiarea.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	567	app/vendor/jquery.emojiarea/jquery.emojiarea.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	632	app/vendor/jquery.emojiarea/jquery.emojiarea.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	102	app/vendor/jquery.emojiarea/jquery.emojiarea-orig.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	385	app/vendor/jquery.emojiarea/jquery.emojiarea-orig.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2	app/vendor/jquery/jquery.min.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	4	app/vendor/jquery/jquery.min.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	4	app/vendor/jquery/jquery.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	261	app/vendor/angularjs-toaster/toaster.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	282	app/vendor/angularjs-toaster/toaster.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	294	app/vendor/angularjs-toaster/toaster.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	478	app/vendor/angularjs-toaster/toaster.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	479	app/vendor/angularjs-toaster/toaster.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13	app/vendor/angularjs-toaster/toaster.min.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3569	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6479	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7061	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7087	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7315	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	8678	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	9189	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	10984	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13026	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	13048	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	16067	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	16077	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17243	app/vendor/angular/angular-scenario.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	21993	app/vendor/angular/angular-scenario.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	21994	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	22337	app/vendor/angular/angular-scenario.js
Key Hardcoded	A hardcoded key in plain text was identified.	24427	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	24450	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	25736	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	25774	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27102	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27276	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27277	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27358	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27371	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27389	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27429	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	34211	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	34503	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	34519	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	34528	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	35313	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	36240	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	36271	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	36384	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	37819	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	38870	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	41628	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	42746	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	42761	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	42857	app/vendor/angular/angular-scenario.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6	app/vendor/angular/angular-route.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7	app/vendor/angular/angular-route.min.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1139	app/vendor/angular/angular.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3181	app/vendor/angular/angular.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3203	app/vendor/angular/angular.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6222	app/vendor/angular/angular.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6232	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7398	app/vendor/angular/angular.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	12148	app/vendor/angular/angular.js
Username Hardcoded	A hardcoded username in plain text was identified. Store it properly in a config file.	12149	app/vendor/angular/angular.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	12492	app/vendor/angular/angular.js
Key Hardcoded	A hardcoded key in plain text was identified.	14582	app/vendor/angular/angular.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	14605	app/vendor/angular/angular.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	15891	app/vendor/angular/angular.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	15929	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17257	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17431	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17432	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17513	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17526	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17544	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	17584	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	24366	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	24658	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	24674	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	24683	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	25468	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	26395	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	26426	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	26539	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	27974	app/vendor/angular/angular.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	29025	app/vendor/angular/angular.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	35	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	142	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	145	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	182	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	183	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	186	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	189	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - new Function()	User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	231	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	271	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	273	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	276	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	277	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	278	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	289	app/vendor/angular/angular.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	297	app/vendor/angular/angular.min.js
Key Hardcoded	A hardcoded key in plain text was identified.	64	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	65	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	66	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	67	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	68	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	69	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	533	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	893	app/vendor/angular/angular-animate.js
Key Hardcoded	A hardcoded key in plain text was identified.	2873	app/vendor/angular/angular-animate.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1011	app/vendor/angular/angular-route.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1021	app/vendor/angular/angular-route.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	6	app/vendor/angular/angular-messages.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	7	app/vendor/angular/angular-messages.min.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	511	app/vendor/angular/angular-messages.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	679	app/vendor/angular/angular-messages.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	91	app/js/directives_mobile.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	218	app/js/directives_mobile.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	466	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2177	app/js/services.js
Key Hardcoded	A hardcoded key in plain text was identified.	2627	app/js/services.js
Key Hardcoded	A hardcoded key in plain text was identified.	2790	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3199	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3238	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3280	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3681	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3775	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	4097	app/js/services.js
Key Hardcoded	A hardcoded key in plain text was identified.	4562	app/js/services.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	12	app/js/offline_manager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	65	app/js/offline_manager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	188	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	195	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	268	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	306	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	393	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	840	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1109	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1176	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1232	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1622	app/js/message_composer.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1444	app/js/messages_manager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2072	app/js/messages_manager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2341	app/js/messages_manager.js
Key Hardcoded	A hardcoded key in plain text was identified.	2582	app/js/messages_manager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2633	app/js/messages_manager.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	511	app/js/controllers.js
Password Hardcoded	A hardcoded password in plain text was identified. Store it properly in a config file.	4340	app/js/controllers.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	318	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	514	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	565	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	731	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	933	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1274	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1540	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1714	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1736	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1832	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2076	app/js/directives.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2246	app/js/directives.js
Key Hardcoded	A hardcoded key in plain text was identified.	2270	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2315	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2347	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2386	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2392	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2503	app/js/directives.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2534	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2537	app/js/directives.js
Server Side Injection(SSI) - setInterval()	User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2591	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2688	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2713	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2714	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2715	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2732	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2761	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2850	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2858	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	2969	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3040	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3042	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3104	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3106	app/js/directives.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3179	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3351	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	3433	app/js/directives.js
Server Side Injection(SSI) - eval()	User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	75	app/js/lib/i18n.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	163	app/js/lib/mtproto_wrapper.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	248	app/js/lib/mtproto_wrapper.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	262	app/js/lib/mtproto_wrapper.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	387	app/js/lib/ng_utils.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1035	app/js/lib/ng_utils.js
Server Side Injection(SSI) - setTimeout()	User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE).	1066	app/js/lib/ng_utils.js

Issue	Description
Missing Security Header - X-Frame-Options (XFO)	X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP)	Content Security Policy (CSP), a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). CSP Header was not found.
Missing Security Header - Strict-Transport-Security (HSTS)	Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Missing 'httpOnly' in Cookie	JavaScript can access Cookies if they are not marked httpOnly.
Infromation Disclosure - X-Powered-By	Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options	X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen	X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1	X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP)	Public-Key-Pins (HPKP) ensures that certificate is Pinned.

Node.Security

Security Audit of Webogram