Node.Security

Security Audit of Angular-strap

ISGroup SRL performed an automated code review (not a real static analysis, more a grep on steroids) of this Node.js project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and there are certainly plenty of false positives and false negatives (undetected issues), but it's free and your project could benefit from this security analysis. The following data is also available in JSON format!

Possible Security Issues
Issue Description Line File
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 54 docs/scripts/app.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1106 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3052 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3074 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5994 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6004 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7079 test/~1.4.0/components/angular.js
Username Hardcoded A hardcoded username in plain text was identified. Store it properly in a config file. 11217 test/~1.4.0/components/angular.js
Username Hardcoded A hardcoded username in plain text was identified. Store it properly in a config file. 11218 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11528 test/~1.4.0/components/angular.js
Key Hardcoded A hardcoded key in plain text was identified. 13544 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 13567 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14705 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14743 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16069 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16238 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16239 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16320 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16333 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16351 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16390 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22686 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22977 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22993 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 23002 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 23780 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 24703 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 24734 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 24847 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 26247 test/~1.4.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 27352 test/~1.4.0/components/angular.js
Key Hardcoded A hardcoded key in plain text was identified. 63 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 64 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 65 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 66 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 67 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 68 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 441 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 801 test/~1.4.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 2730 test/~1.4.0/components/angular-animate.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1027 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2578 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4479 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4713 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4723 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5577 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 9110 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11215 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11453 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 12623 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 12798 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 12799 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 12879 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 12892 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 12909 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 17239 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 18094 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 18282 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 18506 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 18515 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20004 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20031 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20125 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20345 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20364 test/~1.2.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 21308 test/~1.2.0/components/angular.js
Key Hardcoded A hardcoded key in plain text was identified. 1150 test/~1.2.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1151 test/~1.2.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1152 test/~1.2.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1153 test/~1.2.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1154 test/~1.2.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1155 test/~1.2.0/components/angular-animate.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 959 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2756 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2778 test/~1.3.0/components/angular.js
Key Hardcoded A hardcoded key in plain text was identified. 4825 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5013 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5316 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5326 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6361 test/~1.3.0/components/angular.js
Username Hardcoded A hardcoded username in plain text was identified. Store it properly in a config file. 10120 test/~1.3.0/components/angular.js
Username Hardcoded A hardcoded username in plain text was identified. Store it properly in a config file. 10121 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 10455 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 12665 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 13021 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 13057 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14371 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14542 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14543 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14624 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14637 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14654 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14691 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20511 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20802 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20818 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20827 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 21538 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22456 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22485 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22594 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 23944 test/~1.3.0/components/angular.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 24283 test/~1.3.0/components/angular.js
Key Hardcoded A hardcoded key in plain text was identified. 1156 test/~1.3.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1619 test/~1.3.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1620 test/~1.3.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1621 test/~1.3.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1622 test/~1.3.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1623 test/~1.3.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1624 test/~1.3.0/components/angular-animate.js
Key Hardcoded A hardcoded key in plain text was identified. 1625 test/~1.3.0/components/angular-animate.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 79 src/affix/affix.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 69 src/affix/test/affix.spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 93 src/affix/test/affix.spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 108 src/affix/test/affix.spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 140 src/affix/test/affix.spec.js
Key Hardcoded A hardcoded key in plain text was identified. 456 src/timepicker/timepicker.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 458 src/timepicker/timepicker.js
Key Hardcoded A hardcoded key in plain text was identified. 85 src/alert/alert.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 87 src/alert/alert.js
Key Hardcoded A hardcoded key in plain text was identified. 230 src/typeahead/typeahead.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 232 src/typeahead/typeahead.js
Key Hardcoded A hardcoded key in plain text was identified. 142 src/dropdown/dropdown.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 144 src/dropdown/dropdown.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 138 src/dropdown/test/dropdown.spec.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 176 src/tab/tab.js
Key Hardcoded A hardcoded key in plain text was identified. 63 src/aside/aside.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 65 src/aside/aside.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 56 src/button/button.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 60 src/button/button.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 148 src/button/button.js
Key Hardcoded A hardcoded key in plain text was identified. 396 src/modal/modal.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 398 src/modal/modal.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 170 src/tooltip/tooltip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 273 src/tooltip/tooltip.js
Key Hardcoded A hardcoded key in plain text was identified. 771 src/tooltip/tooltip.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 773 src/tooltip/tooltip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 843 src/tooltip/test/tooltip.spec.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 855 src/tooltip/test/tooltip.spec.js
Key Hardcoded A hardcoded key in plain text was identified. 306 src/select/select.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 308 src/select/select.js
Key Hardcoded A hardcoded key in plain text was identified. 312 src/datepicker/datepicker.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 314 src/datepicker/datepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 132 src/scrollspy/scrollspy.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 56 src/scrollspy/test/scrollspy.spec.js
Key Hardcoded A hardcoded key in plain text was identified. 75 src/popover/popover.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 77 src/popover/popover.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/angular-strap.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/angular-strap.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 9 dist/angular-strap.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 10 dist/angular-strap.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 10 dist/angular-strap.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 dist/angular-strap.compat.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 dist/angular-strap.compat.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/angular-strap.compat.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3 dist/angular-strap.compat.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3 dist/angular-strap.compat.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/angular-strap.tpl.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20 dist/angular-strap.tpl.js
Key Hardcoded A hardcoded key in plain text was identified. 170 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 172 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 349 dist/angular-strap.compat.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 485 dist/angular-strap.compat.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 562 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 950 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 952 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 1399 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1401 dist/angular-strap.compat.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1587 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 1922 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1924 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 2035 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2037 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 2433 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2435 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 2557 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2559 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 3478 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3480 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3864 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3868 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3928 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 4172 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4174 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 4259 dist/angular-strap.compat.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4261 dist/angular-strap.compat.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4339 dist/angular-strap.compat.js
Key Hardcoded A hardcoded key in plain text was identified. 170 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 172 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 349 dist/angular-strap.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 485 dist/angular-strap.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 562 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 950 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 952 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 1399 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1401 dist/angular-strap.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1587 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 1922 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1924 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 2035 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2037 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 2433 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2435 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 2557 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2559 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 3478 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3480 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3864 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3868 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3928 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 4172 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4174 dist/angular-strap.js
Key Hardcoded A hardcoded key in plain text was identified. 4259 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4261 dist/angular-strap.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4339 dist/angular-strap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/modal.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/tooltip.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/tooltip.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 47 dist/modules/button.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 51 dist/modules/button.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 111 dist/modules/button.js
Key Hardcoded A hardcoded key in plain text was identified. 66 dist/modules/alert.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 68 dist/modules/alert.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/scrollspy.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/timepicker.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/alert.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 120 dist/modules/tab.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 90 dist/modules/scrollspy.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 129 dist/modules/tooltip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 206 dist/modules/tooltip.js
Key Hardcoded A hardcoded key in plain text was identified. 594 dist/modules/tooltip.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 596 dist/modules/tooltip.js
Key Hardcoded A hardcoded key in plain text was identified. 257 dist/modules/datepicker.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 259 dist/modules/datepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 56 dist/modules/affix.js
Key Hardcoded A hardcoded key in plain text was identified. 376 dist/modules/timepicker.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 378 dist/modules/timepicker.js
Key Hardcoded A hardcoded key in plain text was identified. 52 dist/modules/aside.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 54 dist/modules/aside.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/popover.min.js
Key Hardcoded A hardcoded key in plain text was identified. 169 dist/modules/typeahead.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 171 dist/modules/typeahead.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/datepicker.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/tab.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11 dist/modules/dropdown.tpl.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/aside.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/select.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/typeahead.min.js
Key Hardcoded A hardcoded key in plain text was identified. 302 dist/modules/modal.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 304 dist/modules/modal.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/button.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/dropdown.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/dropdown.tpl.min.js
Key Hardcoded A hardcoded key in plain text was identified. 103 dist/modules/dropdown.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 105 dist/modules/dropdown.js
Key Hardcoded A hardcoded key in plain text was identified. 251 dist/modules/select.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 253 dist/modules/select.js
Key Hardcoded A hardcoded key in plain text was identified. 56 dist/modules/popover.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 58 dist/modules/popover.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/modules/affix.min.js
Remote OS Command Execution User controlled data in 'child_process.exec()' can result in Remote OS Command Execution. 6 tasks/helpers/reporter.js
Missing Security Features
Issue Description
Missing Security Header - X-Frame-Options (XFO) X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP) Content Security Policy (CSP) is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). The CSP header was not found.
Missing Security Header - Strict-Transport-Security (HSTS) Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Missing 'httpOnly' in Cookie JavaScript can access Cookies if they are not marked httpOnly.
Information Disclosure - X-Powered-By Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1 X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP) Public-Key-Pins (HPKP) ensures that the certificate is pinned.
Outdated Libraries
File Library Reference