See magereport: https://www.magereport.com/scan/?s=https://deadwoodknives.com/
Various high-risk issues, 14 immediate security threats, mentioned here: https://webscan.upguard.com/#/https://deadwoodknives.com/
1469 recommendations for improvement, many also security related:
https://webhint.io/scanner/8abfceb3-0c68-4eb1-87fa-bc594ec0621b
Cloaking, iframes and differing status codes detected: http://www.isithacked.com/check/https%3A%2F%2Fdeadwoodknives.com%2F
Retirable jQuery libraries detected:
Retire.js

bootstrap 3.3.5
Found in -https://deadwoodknives.com/pub/static/frontend/Meigee/knock-child/en_US/Meigee_Knock/js/bootstrap.min.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042

jquery-migrate 1.2.1
Found in -https://deadwoodknives.com/pub/static/frontend/Meigee/knock-child/en_US/jquery/jquery-migrate.js
Vulnerability info:
Medium 11290 Selector interpreted as HTML

jquery-ui-dialog 1.10.4
Found in -https://deadwoodknives.com/pub/static/frontend/Meigee/knock-child/en_US/jquery/jquery-ui.js
Vulnerability info:
High CVE-2016-7103 281 XSS Vulnerability on closeText option

jquery 1.12.4
Found in -https://deadwoodknives.com/pub/static/frontend/Meigee/knock-child/en_US/jquery.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers

knockout 3.3.0
Found in -https://deadwoodknives.com/pub/static/frontend/Meigee/knock-child/en_US/knockoutjs/knockout.js
Vulnerability info:
Medium XSS injection point in attr name binding for browser IE7 and older

Also consider vulnerabilities in require js:
Results from scanning URL: htxps://deadwoodknives.com/pub/static/_requirejs/frontend/Meigee/knock-child/en_US/secure/requirejs-config.js
Number of sources found: 15
Number of sinks found: 7
A website with a vulnerable Magento CMS like this one would certainly fit a Hall o’ Shame listing,
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)