What code error?
found JavaScript
error: line:4: SyntaxError: invalid property id:
error: line:4:
error: line:4: .^
Error probably because of not using the right syntax.
Where was it found? In: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fmidmas.com%2Fwp-content%2Fthemes%2Fbigbangwp%2Fjavascript%2Fcustom.js%3Fver%3D4.3.5
See how this could work through on: http://www.google-analytics.com/urchin.js (when we see no SRI hashes generated).
And we have that with a B-Status here and just for this code: https://sritest.io/#report/bbfcf2a1-ca9b-456c-890c-f48c6c2f2050
XSS threat: if an attacker can change the content of window.location.href, he might change it to “)alert(“Inject successful!”)//”.
If they could change it, this is dangerous, because someone could pass
Info credit “Niet the Dark Absol”.
This script was found on a website that was being repeatedly hacked and defaced: https://urlquery.net/report.php?id=1469570397322
It also has a vulnerable prettyPhoto aboard, the very old 3.1.2 version, which is XSS-DOM vulnerable.
And there might be more insecurity as the above was found at a first glance over the code…but one could easily now imagine the interrelated insecurity here.
polonus (volunteer website security analyst and website error-hunter)
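
The window.location.href risk described in the post, as an added example that is not part of the original post and not code from the site's custom.js: it compares pasting the URL into generated JavaScript source with encoding it as data. The `track` sink, the `run` helper and the `example.test` URL are assumptions made for illustration; the sample string is the one quoted in the post, written with straight quotes.

```javascript
// Added example. track(), run() and the example.test URL are hypothetical;
// the real sink in custom.js is not shown in the post.
const SAMPLE_HREF = 'http://example.test/page#")alert("Inject successful!")//';

// Vulnerable pattern: URL text is pasted into a string of JavaScript source.
function buildUnsafe(href) {
  return 'track("' + href + '")';
}

// Hardened: if source must be generated, encode the value as a string literal.
// (Inside an HTML <script> block, "</script>" and "<!--" need escaping as well.)
function buildSafe(href) {
  return 'track(' + JSON.stringify(href) + ')';
}

// Evaluate generated source with stub functions and record what happened.
function run(source) {
  const seen = { tracked: [], alerts: 0, syntaxError: false };
  try {
    const fn = new Function('track', 'alert', source);
    fn((v) => { seen.tracked.push(v); }, () => { seen.alerts += 1; });
  } catch (e) {
    if (!(e instanceof SyntaxError)) throw e;
    seen.syntaxError = true; // URL text changed how the statement parses
  }
  return seen;
}

// Best: no generated source at all; the URL only ever travels as an argument.
function trackDirect(track, href) {
  track(href);
}

const unsafe = run(buildUnsafe(SAMPLE_HREF));
const safe = run(buildSafe(SAMPLE_HREF));
console.log('unsafe:', unsafe);
console.log('safe:  ', safe);
```

In the unsafe build the quote inside the URL ends the string literal early, so the remainder of the URL is parsed as code rather than data; in the safe build the same URL reaches `track` unchanged as a single string.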