Node.Security

Security Audit of Chronos

ISGroup SRL performed an automated code review (not real static analysis, more a grep on steroids) of this Node.js project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and there are certainly plenty of false positives and false negatives (undetected issues), but it's free and your project could benefit from this security analysis. The following data is also available in JSON format!

Possible Security Issues
Issue Description Line File
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 46 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 222 src/main/resources/assets/r.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 946 src/main/resources/assets/r.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1989 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2297 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2333 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2540 src/main/resources/assets/r.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2998 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3180 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 11357 src/main/resources/assets/r.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 15156 src/main/resources/assets/r.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 15218 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 19256 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 19270 src/main/resources/assets/r.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 20839 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 21533 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22314 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22660 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 23698 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 23708 src/main/resources/assets/r.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 25021 src/main/resources/assets/r.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 686 src/main/resources/assets/app/scripts/require.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1709 src/main/resources/assets/app/scripts/require.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1995 src/main/resources/assets/app/scripts/require.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 492 src/main/resources/assets/app/scripts/views/job_detail_view.js
Key Hardcoded A hardcoded key in plain text was identified. 145 src/main/resources/assets/app/scripts/vendor/select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 194 src/main/resources/assets/app/scripts/vendor/select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 227 src/main/resources/assets/app/scripts/vendor/select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 348 src/main/resources/assets/app/scripts/vendor/select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1065 src/main/resources/assets/app/scripts/vendor/select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1320 src/main/resources/assets/app/scripts/vendor/select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1438 src/main/resources/assets/app/scripts/vendor/select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 501 src/main/resources/assets/app/scripts/vendor/mousetrap.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 606 src/main/resources/assets/app/scripts/vendor/mousetrap.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4 src/main/resources/assets/app/scripts/vendor/viz.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4 src/main/resources/assets/app/scripts/vendor/viz.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4 src/main/resources/assets/app/scripts/vendor/viz.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1395 src/main/resources/assets/app/scripts/vendor/backbone.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3 src/main/resources/assets/app/scripts/vendor/jquery-1.10.2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4 src/main/resources/assets/app/scripts/vendor/jquery-1.10.2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5 src/main/resources/assets/app/scripts/vendor/jquery-1.10.2.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5 src/main/resources/assets/app/scripts/vendor/jquery-1.10.2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2248 src/main/resources/assets/app/scripts/vendor/d3.v3.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2279 src/main/resources/assets/app/scripts/vendor/d3.v3.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5266 src/main/resources/assets/app/scripts/vendor/d3.v3.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 src/main/resources/assets/app/scripts/vendor/coffee-script.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 342 src/main/resources/assets/app/scripts/vendor/require-handlebars-plugin/hbs/json2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 501 src/main/resources/assets/app/scripts/vendor/require-handlebars-plugin/hbs/underscore.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 522 src/main/resources/assets/app/scripts/vendor/require-handlebars-plugin/hbs/underscore.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 548 src/main/resources/assets/app/scripts/vendor/require-handlebars-plugin/hbs/underscore.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 964 src/main/resources/assets/app/scripts/vendor/require-handlebars-plugin/hbs/underscore.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2229 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2274 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2306 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2329 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2469 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2470 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2580 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2608 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2647 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2650 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2728 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2759 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2773 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2844 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2850 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2951 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2973 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3046 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3047 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3073 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3075 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3079 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3081 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3094 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3108 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3113 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3120 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3138 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3155 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3156 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3196 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3220 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3222 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3281 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3316 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3349 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3361 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3380 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3748 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3796 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3821 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3824 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3844 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3858 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3974 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4428 src/main/resources/assets/app/scripts/vendor/require-less/lessc.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2512 src/main/resources/assets/app/scripts/vendor/tests/chai.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3903 src/main/resources/assets/app/scripts/vendor/tests/mocha.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3973 src/main/resources/assets/app/scripts/vendor/tests/mocha.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4000 src/main/resources/assets/app/scripts/vendor/tests/mocha.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4024 src/main/resources/assets/app/scripts/vendor/tests/mocha.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 130 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-modal.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 45 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-carousel.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 136 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-carousel.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 33 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-affix.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 46 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-button.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 89 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-tooltip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 101 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-tooltip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 226 src/main/resources/assets/app/scripts/vendor/bootstrap/js/bootstrap-tooltip.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 111 src/main/resources/assets/app/scripts/vendor/require-css/css.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 123 src/main/resources/assets/app/scripts/vendor/require-css/css.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 57 src/main/resources/assets/app/scripts/vendor/jquery/jquery.fastLiveFilter.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 438 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/bootstrap-timepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 448 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/bootstrap-timepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 458 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/bootstrap-timepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 469 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/bootstrap-timepicker.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 473 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/bootstrap-timepicker.js
Key Hardcoded A hardcoded key in plain text was identified. 43 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/jquery.autotype.js
Key Hardcoded A hardcoded key in plain text was identified. 113 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/jquery.autotype.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 222 src/main/resources/assets/app/scripts/vendor/bootstrap-timepicker/js/jquery.autotype.js
Key Hardcoded A hardcoded key in plain text was identified. 18 src/main/resources/assets/app/scripts/components/fuzzy_select2.js
Key Hardcoded A hardcoded key in plain text was identified. 19 src/main/resources/assets/app/scripts/components/fuzzy_select2.js
Key Hardcoded A hardcoded key in plain text was identified. 20 src/main/resources/assets/app/scripts/components/fuzzy_select2.js
Key Hardcoded A hardcoded key in plain text was identified. 21 src/main/resources/assets/app/scripts/components/fuzzy_select2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 31 src/main/resources/assets/app/scripts/components/pollable_collection.js
Key Hardcoded A hardcoded key in plain text was identified. 131 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 214 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 325 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 357 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 398 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 430 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 483 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 536 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 589 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 642 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 695 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 748 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 801 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 924 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 992 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1092 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1141 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1171 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1288 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1328 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1508 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1597 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1654 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1793 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1877 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1956 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 1991 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 2076 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 2124 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 2201 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 2277 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 2386 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 2510 src/main/resources/assets/app/scripts/parsers/iso8601.js
Key Hardcoded A hardcoded key in plain text was identified. 2568 src/main/resources/assets/app/scripts/parsers/iso8601.js
Missing Security Features
Issue Description
Missing Security Header - X-Frame-Options (XFO) X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP) Content Security Policy (CSP) is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). The CSP header was not found.
Missing Security Header - Strict-Transport-Security (HSTS) Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Missing 'httpOnly' in Cookie JavaScript can access Cookies if they are not marked httpOnly.
Information Disclosure - X-Powered-By Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1 X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP) Public-Key-Pins (HPKP) ensures that the certificate is pinned.
Outdated Libraries
File Library Reference