First website was found because of an IDS alert for:
ET DNS Query for .su TLD (Soviet Union) Often Malware Related
Then performed a File Viewer scan that gave me the XOOPS appl. and its version 2.0, which means it is exploitable by blind SQL injection, read:
https://www.exploit-db.com/exploits/14828/
There’s retirable jQuery code: http://retire.insecurity.today/#!/scan/d8a6186c58f3d6cbd06de7a3ed20c3b2a8cc90cdd13a68486a667594c39e8654
DOM XSS vuln: Results from scanning URL: -http://iufspress.ru/themes/R011/js/jquery.slidepanel.js
Number of sources found: 51
Number of sinks found: 33 → http://www.vieweburls.com/www.iufspress.ru
More insecurity to tackle: https://observatory.mozilla.org/analyze.html?host=iufspress.ru
pol