Dear forum users,
Just a random website using Magento webshop CMS software was scanned.
See what some “cold reconnaissance third party scanning” may reveal at a first glance.
Here we go. The website for scanning was completely random and taken from a “built-with” repository.
Scanned against MageReport dot com: https://www.magereport.com/scan/?s=https://www.veseys.com/
See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.veseys.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1
For hxtps://www.veseys.com/static/version1513286763/frontend/Northcloud/Veseys/en_US it cannot be established…
Vulnerable code from: ‘DCKAP_Quickorder/js/jquery.ui.autocomplete.html’
DOM XSS vuln: Results from scanning URL: hxtps://www.veseys.com/static/version1513286763/frontend/Northcloud/Veseys/en_US/requirejs/require.js
Number of sources found: 15
Number of sinks found: 7
N.B. “Not using strict: uneven strict support in browsers, #392, and causes problems with requirejs.exec()/transpiler plugins that may not be strict.”
Webserver version info proliferation: Apache/2.2.22 Ubuntu (exploitable)
See: https://toolbar.netcraft.com/site_report?url=https://www.veseys.com
polonus (volunteer website security analyst and website error-hunter)