Found in sentora, the open software these sites are made with various weaknesses:
Retire.js
bootstrap 3.1.1 Found in -http://www.sentora.org/js/bootstrap.min.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 -
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041 -
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040 -
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
and
ReferenceError: jQuery is not defined
/js/jquery.easing.1.3.min.js:37
Bootstrap’s JavaScript requires jQuery
/js/bootstrap.min.js:6
ReferenceError: jQuery is not defined
/js/bootstrap-hover-dropdown.min.js:13
ReferenceError: jQuery is not defined
/js/jquery.flexslider-min.js:5
ReferenceError: jQuery is not defined
/js/jquery.mixitup.min.js:43
ReferenceError: $ is not defined
/js/app.js:1
DOM-XSS issues: Results from scanning URL: -http://sentora.org/js/app.js
Number of sources found: 11 ; Number of sinks found: 1
Results from scanning URL: -http://sentora.org/js/app.js
Number of sources found: 34 ; Number of sinks found: 1 mainly bootstrap.js issues.
89 recommendations for improvement: https://webhint.io/scanner/00f8da5d-ff91-4337-ade7-76f45da5e787
of which 30 are security related: https://webhint.io/scanner/00f8da5d-ff91-4337-ade7-76f45da5e787#category-Security
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)