Another one vulnerable:
Security
disown-opener: 2 hints
no-disallowed-headers: 1 hints
no-protocol-relative-urls: 2 hints
sri: 16 hints
strict-transport-security: 77 hints
validate-set-cookie-header: 4 hints
x-content-type-options: 55 hints
no-vulnerable-javascript-libraries: 1 hints **
l\/modules\/custom\/multi_sit\/js\/multi_sit.
heim"},{"navn":"Parkbygget studentboliger","
-ww.googletagmanager.com/gtm.js?id='+i+dl;f. -> iFrame: https://sitecheck.sucuri.net/results/https/www.sit.no
Brute-force exploitable?
518 recommendations for website improvement (also security related hints **):
https://webhint.io/scanner/d7a28d07-c3fd-4419-9bf3-7378fc9fcb8a
11 immediate threats detected: https://webscan.upguard.com/#/https://sit.no
On IP: https://www.shodan.io/host/212.125.231.51
With and without parameters this is being blocked by uMatrix for me:
-https://www.googletagmanager.com/ns.html?id=GTM-KHGRZNG
<!-- Google Tag Manager -->
<script>
dataLayer = [
{
'virtualPageUrl': '/error/500/'
}];
jquery 1.10.2 Found in -https://www.sit.no/sites/default/files/js/js_cMGz3MgNdGfHOWAtQ2ONM-5ZOQ3AYqpqyZDVPTRDsK4.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
&
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
-v1%3a155xxxxxxxxx15174 -Twitter
polonus