Node.Security

Security Audit of Headjs

ISGroup SRL performed an automated Code Review (not a real Static Analysis, more a grep-on-steroid) of this NodeJS project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and for sure there are plenty of false-positives and false-negatives (undetected issues) but it's free and your project could benefit from this security analisys. The following data is also available in JSON format!

Possible Security Issues
Issue Description Line File
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/packer.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/words.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6 site/assets/libs/packer/packer.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7 site/assets/libs/packer/packer.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 163 site/assets/libs/packer/packer.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/base2.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/base2.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 site/assets/libs/packer/base2.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 site/assets/libs/packer/base2.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 site/assets/libs/packer/base2.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/base2.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/base2.min.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/base2.min.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/packer/base2.min.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 22 site/assets/libs/packer/words.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6 site/assets/libs/qunit/qunit-assert-step.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 450 site/assets/libs/qunit/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 470 site/assets/libs/qunit/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 493 site/assets/libs/qunit/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1455 site/assets/libs/qunit/qunit.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/jquery/jquery.min.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/jquery/jquery.min.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 site/assets/libs/jquery/jquery.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3404 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3461 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3496 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7092 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7646 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7670 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7803 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8215 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8507 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 9166 site/assets/libs/jquery/jquery.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 9714 site/assets/libs/jquery/jquery.js
Key Hardcoded A hardcoded key in plain text was identified. 126 src/0.97a/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 377 src/0.97a/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 403 src/0.97a/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 265 src/0.97a/core.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 456 src/1.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 475 src/1.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 498 src/1.0.0/load.js
Key Hardcoded A hardcoded key in plain text was identified. 549 src/1.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 602 src/1.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 673 src/1.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 300 src/1.0.0/core.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 413 src/2.0.0/responsive.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 432 src/2.0.0/load.js
Key Hardcoded A hardcoded key in plain text was identified. 520 src/2.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 572 src/2.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 643 src/2.0.0/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 683 src/2.0.0/load.js
Key Hardcoded A hardcoded key in plain text was identified. 185 src/0.98/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 506 src/0.98/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 525 src/0.98/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 594 src/0.98/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 611 src/0.98/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 291 src/0.98/core.js
Key Hardcoded A hardcoded key in plain text was identified. 184 src/0.99/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 502 src/0.99/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 521 src/0.99/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 590 src/0.99/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 607 src/0.99/load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 290 src/0.99/core.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 dist/0.97a/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 dist/0.97a/head.css3.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 265 dist/0.97a/head.js
Key Hardcoded A hardcoded key in plain text was identified. 551 dist/0.97a/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 802 dist/0.97a/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 828 dist/0.97a/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 dist/0.97a/head.load.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1 dist/0.97a/head.core.min.js
Key Hardcoded A hardcoded key in plain text was identified. 126 dist/0.97a/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 377 dist/0.97a/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 403 dist/0.97a/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 265 dist/0.97a/head.css3.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 265 dist/0.97a/head.core.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/1.0.0/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6 dist/1.0.0/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/1.0.0/head.css3.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 301 dist/1.0.0/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 934 dist/1.0.0/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 953 dist/1.0.0/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 976 dist/1.0.0/head.js
Key Hardcoded A hardcoded key in plain text was identified. 1027 dist/1.0.0/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1080 dist/1.0.0/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1151 dist/1.0.0/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/1.0.0/head.load.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/1.0.0/head.core.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 457 dist/1.0.0/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 476 dist/1.0.0/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 499 dist/1.0.0/head.load.js
Key Hardcoded A hardcoded key in plain text was identified. 550 dist/1.0.0/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 603 dist/1.0.0/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 674 dist/1.0.0/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 301 dist/1.0.0/head.css3.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 301 dist/1.0.0/head.core.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/0.98/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 13 dist/0.98/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 16 dist/0.98/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 17 dist/0.98/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/0.98/head.css3.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 291 dist/0.98/head.js
Key Hardcoded A hardcoded key in plain text was identified. 643 dist/0.98/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 964 dist/0.98/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 983 dist/0.98/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1052 dist/0.98/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1069 dist/0.98/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4 dist/0.98/head.load.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 7 dist/0.98/head.load.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8 dist/0.98/head.load.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/0.98/head.core.min.js
Key Hardcoded A hardcoded key in plain text was identified. 185 dist/0.98/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 506 dist/0.98/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 525 dist/0.98/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 594 dist/0.98/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 611 dist/0.98/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 291 dist/0.98/head.css3.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 291 dist/0.98/head.core.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/0.99/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6 dist/0.99/head.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/0.99/head.css3.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 291 dist/0.99/head.js
Key Hardcoded A hardcoded key in plain text was identified. 651 dist/0.99/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 969 dist/0.99/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 988 dist/0.99/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1057 dist/0.99/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1074 dist/0.99/head.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/0.99/head.load.min.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2 dist/0.99/head.core.min.js
Key Hardcoded A hardcoded key in plain text was identified. 185 dist/0.99/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 503 dist/0.99/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 522 dist/0.99/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 591 dist/0.99/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 608 dist/0.99/head.load.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 291 dist/0.99/head.css3.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 291 dist/0.99/head.core.js
Missing Security Features
Issue Description
Missing Security Header - X-Frame-Options (XFO) X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP) Content Security Policy (CSP), a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). CSP Header was not found.
Missing Security Header - Strict-Transport-Security (HSTS) Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Missing 'httpOnly' in Cookie JavaScript can access Cookies if they are not marked httpOnly.
Infromation Disclosure - X-Powered-By Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1 X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP) Public-Key-Pins (HPKP) ensures that certificate is Pinned.
Outdated Libraries
File Library Reference