Hello,
I’ve got a report that zenskimagazin.mk has a HTML:Script-inf [Susp] and it’s blocked.
I’ve checked the website and I can’t find any suspicious code. Also checked virustotal, sucuri but nothing detected.
Where to go from here to resolve this issue?
Regards,
Nikola
Where to go from here to resolve this issue?https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438
Hello nstiojanoski,
Wait for the final verdict from avast team, but I do not see it blocked by avast now.
JavaScript errors:
ReferenceError: OA_show is not defined
/:2131ReferenceError: OA_show is not defined
/:2140ReferenceError: OA_show is not defined
/:2148SyntaxError: Invalid regular expression flags
eval ()()
:3:100()
Object.N [as F_c] (:2:148)()
Object.E_u (:3:274)()
Ka (eval at exec_fn (:1:157), :61:375)()
Object.create (eval at exec_fn (:1:157), :73:235)()
L (eval at exec_fn (:1:157), :12:208)()
Retirable jQuery: Retire.js
jquery 1.12.4 Found in -https://zenskimagazin.mk/assets/new/js/jquery.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution 123
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Vulnerability report according to vulners. :
Bootstrap, script Not vulnerable
jQuery, headers - 1.9.1 Not vulnerable
jQuery, script Not vulnerable
In the mean time see the glitches from a 6th December last scan:
https://www.immuniweb.com/websec/?id=t5Exa23e
950 hints towards website improvement: https://webhint.io/scanner/1999a364-3ce1-4899-955c-9de221e5e808
с Новым Годом,
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)