Author Topic: A PHP-based Magento CMS website with various security issues...  (Read 1421 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34049
  • malware fighter
See: https://www.magereport.com/scan/?s=https://www.hunkemoller.de/
Consider also: https://sonarwhal.com/scanner/0e0d40de-ed63-4cc1-ac6b-af1f374e4d1b
1 vuln. jQuery library detected: https://retire.insecurity.today/#!/scan/b1dbe8bb9397ade271dd9a7f3b8fda8435977b35d12cf49805a03821ec67c6f0
Snyk detects one additionally: Moment.js@2.19.1 has 1 known vulnerability (1 low).
See https://snyk.io/vuln/npm:moment for more information.
hxtps://www.hunkemoller.de/de_de/ Final Grade = F with recommendations: https://observatory.mozilla.org/analyze/www.hunkemoller.de
See error
Quote
search.qweery.nl/hunkemoller/click.php?u= benign
[nothing detected] (jsvar) -search.qweery.nl/hunkemoller/click.php?u=
     status: (referer=-www.hunkemoller.de/media/js/16b0fae5eae8b337e7ef4b45d5adcc44.js)failure: <urlopen error [Errno -2] Name or service not known>
& in Mage
Quote
-www.hunkemoller.de/
     status: (referer=http:/XXX/web?q=puppies)saved 169197 bytes 46ca587ad2376d96f1794a497eb962941a878acd
     info: [script] -www.hunkemoller.de/skin/frontend/hunkemoller/responsive/js/general.js?v=1526304245
     info: [iframe] -www.googletagmanager.com/ns.html?id=GTM-TH94LX
     info: [img] -www.hunkemoller.de/skin/frontend/hunkemoller/responsive/images/responsive-images/white.png
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/SALEQ2_Round2_MenuGBSS_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/SALEQ2_Round2_MenuNBSS_V2_DE_5.jpg
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/SALEQ2_Round2_MenuBrasforXX_BSS_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/300x200_DE__2.jpg
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/MenuBBestSS240x200_DE_2.jpg
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/SALEQ2_Round1_MenuNWforXX_BSS_V2_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/SALEQ2_Round1_MenuSBSS_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/catalog/category/AMBraA22-5_410_210_V2_DE.jpg
     info: [img] -www.hunkemoller.de/skin/frontend/hunkemoller/responsive/images/responsive-images/white.png
     info: [img] -www.hunkemoller.de/skin/frontend/hunkemoller/responsive/images/responsive-images/black.png
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ2_Round2_RBlock1_NEW_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ4_Round2_RBlock2_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ2_RBlock3.1_round2_NEW_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ4_RBlock3.1_SUMMERSALE_DE_2.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ4_RBlock3.1_SUMMERSALE_DE_3.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ4_RBlock3.1_SUMMERSALE_DE_4.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ4_RBlock3.1_SUMMERSALE_DE_5.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ4_RBlock3.1_SUMMERSALE_DE_6.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ2_Round1_RBlock3.2-1_600x630_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/SALEQ2_RBlock4_KP-Round3-1_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ2_Round1_RBlock5-2_V2_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ2_Round1_RBlock6.1-2_V2_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ2_Round1_RBlock3.2-V4_DE.jpg
     info: [img] -images-hunkemoller.akamaized.net/wysiwyg/test/SALEQ2_Round1_RBlock7_DE.jpg
     info: [img] -www.hunkemoller.de/skin/frontend/hunkemoller/responsive/images/mob.gif
     info: [script] -www.hunkemoller.de/media/js/16b0fae5eae8b337e7ef4b45d5adcc44.js
     info: [script] -ajax.googleapis.com/ajax/libs/webfont/1.5.10/webfont.js
     info: [script] -www.google.com/recaptcha/api.js
     info: [decodingLevel=0] found JavaScript
     error: undefined variable Mage
     error: undefined variable Mage.Cookies
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var Mage.Cookies = 1;
          error: line:1: ....^
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html>
          error: line:3: ..............^
     file: 46ca587ad2376d96f1794a497eb962941a878acd: 169197 bytes
suspicious: maxruntime exceeded 10 seconds
&
error
Quote
(script) -www.hunkemoller.de/skin/frontend/hunkemoller/responsive/js/general.js?v=1526304245
     status: (referer=-www.hunkemoller.de/)saved 1417 bytes 421310acd18538f6fdaed16cbf21dcea94dcad48
     info: [decodingLevel=0] found JavaScript
     error: undefined variable a.parentNode
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var a.parentNode = 1;
          error: line:1: ....^
     info: [1] no JavaScript
     file: 421310acd18538f6fdaed16cbf21dcea94dcad48: 1417 bytes
     file: adb0d145814f6c4b9b36c5cd5987fef63008c037: 27 bytes
Re: https://urlscan.io/domain/www.hunkemoller.de/ ->
https://urlscan.io/result/6294ed4c-c2e6-4e10-ada1-8c60e1797ce1

polonus (volunteer 3rd party website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
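The retire.js and Snyk findings above come from fingerprinting version strings inside the site's bundled JavaScript (Magento merges its scripts into media/js/<hash>.js). The following is an added example of that technique in Python; it is not code from polonus's post, from retire.js or from Snyk. The bundle text and the minimum-version thresholds are constructed for the example, so take the real "fixed in" versions from the advisories linked above.

```python
"""Added example: retire.js-style fingerprinting of a merged JavaScript bundle.
Finds jQuery and Moment.js version strings and flags versions below a
caller-supplied minimum. Sample bundle and thresholds are constructed here."""
import re

# Version fingerprints in the forms the libraries ship them: banner comments
# and the minified version assignment. Each pattern captures the dotted version.
FINGERPRINTS = {
    "jquery": [
        re.compile(r"/\*!\s*jQuery v(\d+\.\d+\.\d+)"),
        re.compile(r"jQuery JavaScript Library v(\d+\.\d+\.\d+)"),
    ],
    "moment": [
        re.compile(r"//!\s*version\s*:\s*(\d+\.\d+\.\d+)"),
        re.compile(r"\.version\s*=\s*[\"'](\d+\.\d+\.\d+)[\"']"),
    ],
}


def parse_version(v):
    """'2.19.1' -> (2, 19, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def detect_libraries(js_source):
    """Return {library: version} for every library whose fingerprint matches."""
    found = {}
    for lib, patterns in FINGERPRINTS.items():
        for pat in patterns:
            m = pat.search(js_source)
            if m:
                found[lib] = m.group(1)
                break
    return found


def outdated(detected, minimum_versions):
    """Return [(lib, found_version, minimum)] for libraries below their minimum."""
    return [
        (lib, v, minimum_versions[lib])
        for lib, v in detected.items()
        if lib in minimum_versions
        and parse_version(v) < parse_version(minimum_versions[lib])
    ]


# Constructed sample of what a merged Magento bundle might contain (not the
# real media/js file from the scanned site).
SAMPLE_BUNDLE = r"""
/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */
!function(a,b){}(window);
//! moment.js
//! version : 2.19.1
!function(e,t){e.version="2.19.1"}(this);
var Mage = Mage || {};
"""

# Illustrative thresholds for this example only (assumption); use the advisory's
# own "fixed in" version for each library in practice.
EXAMPLE_MINIMUMS = {"jquery": "3.0.0", "moment": "2.19.3"}

if __name__ == "__main__":
    detected = detect_libraries(SAMPLE_BUNDLE)
    for lib, version, minimum in outdated(detected, EXAMPLE_MINIMUMS):
        print(f"{lib} {version} is below the required {minimum}")
```

Because the bundle is served from one hashed filename, a version bump in any merged library only shows up when the fingerprint is re-run against the new hash, which is why periodic scans such as the ones linked above matter.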

Offline polonus

Re: A PHP-based Magento CMS website with various security issues...
« Reply #1 on: July 14, 2018, 10:56:32 PM »
Sinks and sources: Results from scanning URL: -//www.google.com/recaptcha/api.js *
Number of sources found: 516
Number of sinks found: 341
Re: http://www.domxssscanner.com/scan?url=https://www.hunkemoller.de

* script
Quote
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: invalid flag after regular expression: **
          error: line:3: [CFG]['render']||[]).push('onload');window['__client']=true;var po=document.createElement('script');po.type='text/javascript';po.async=true;po.src='hXtps:/www.gstatic.com/recaptcha/api2/v1531117903872/_pl.js';var elem=document.
          error: line:3: ^
     file: 3b74a6dbeaf19ea3c30f531d5705f429e0e77d2d: 718 bytes

Read up on this error **:
https://tommcfarlin.com/invalid-regular-expression-flag/  "regular expression of an argument in javascript has to be used here".

pol
« Last Edit: July 14, 2018, 11:12:51 PM by polonus »
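The "sources found / sinks found" counts quoted above are produced by a static census of DOM XSS sources (reads of attacker-influenced values such as location.hash) and sinks (APIs that interpret a string as HTML or code). The following is an added example of such a census in Python; it is not code from polonus's post or from domxssscanner, and the sample script it scans is constructed for the example. It also flags lines where a source and a sink co-occur, which is what a reviewer would look at first, since raw counts alone are not evidence of an exploitable flow.

```python
"""Added example: regex-based DOM XSS source/sink census of a JavaScript file,
the kind of pass that yields "N sources / M sinks" totals. Sample script is
constructed; real scanners use many more patterns and some data-flow tracking."""
import re

# Reads of values an attacker can influence via the URL, opener or cookies.
SOURCES = re.compile(
    r"\b(location\.(?:hash|search|href)|document\.(?:URL|referrer|cookie)|window\.name)\b"
)
# APIs that parse a string as markup or code; require an assignment or a call
# so that plain mentions of the name are not counted.
SINKS = re.compile(
    r"\b(innerHTML|outerHTML|insertAdjacentHTML|document\.write(?:ln)?|eval|"
    r"setTimeout|setInterval|Function)\b\s*(?:\+?=|\()"
)


def census(js_source):
    """Return (sources, sinks, suspects).

    sources and sinks are lists of (line_no, matched_name); suspects lists
    (line_no, line_text) for lines holding both a source and a sink."""
    sources, sinks, suspects = [], [], []
    for no, line in enumerate(js_source.splitlines(), 1):
        src = [m.group(1) for m in SOURCES.finditer(line)]
        snk = [m.group(1) for m in SINKS.finditer(line)]
        sources.extend((no, s) for s in src)
        sinks.extend((no, k) for k in snk)
        if src and snk:
            suspects.append((no, line.strip()))
    return sources, sinks, suspects


# Constructed sample script (not the reCAPTCHA api.js scanned in the post).
SAMPLE_SCRIPT = "\n".join([
    "var q = decodeURIComponent(location.search.slice(1));",
    "document.getElementById('out').innerHTML = q;",
    "var frag = location.hash.slice(1); eval(frag);",
    "window.name = 'x'; // a write, yet a regex census still counts it as a hit",
    "var ok = document.createElement('div'); ok.textContent = q;",
])

if __name__ == "__main__":
    sources, sinks, suspects = census(SAMPLE_SCRIPT)
    print(f"Number of sources found: {len(sources)}")
    print(f"Number of sinks found: {len(sinks)}")
    for no, text in suspects:
        print(f"line {no}: source and sink on one line -> {text}")
```

Line 1 feeds line 2 through the variable q, so the flow from location.search to innerHTML is a real candidate even though no single line holds both; line 4 is counted as a source although it only writes window.name. Both cases show why totals like 516 and 341 need manual triage before they say anything about exploitability.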