Hi -midnight,
No direct threat there, some code to be retired allthough. I give you a report of all insecurities and what should be retired and improved there.
-http://www.picmonkey.com/
Detected libraries:
jquery - 1.7.1 : -http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290http://research.insecurelabs.org/jquery/test/swfobject - 2.2 : -http://www.fastly.picmonkey.com/_/static/js/index_module.4e7259b7e5be4791d6ca.js
1 vulnerable library detected
Canvas fingerprinting performed: Prevented a script on -http://www.fastly.picmonkey.com from capturing the point (0, 0) on the following 300px × 150px canvas:
Prevented a script on -http://www.fastly.picmonkey.com from capturing the following 300px × 150px canvas:
Checking for cloaking
There is a difference of 26532 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page: Any links with funky anchor text? Yes there are. show.
<a href="#" id="email_suggestion" data-field="[[ field_selector ]]" data-from="[[ current_value ]]" data-to="[[ suggested_value ]]" data-validation_method="[[ validation_method ]]">[[ suggested_value ]]</a>
iframes
Any iframes? Yes there are. show.
<iframe src="//-4411460.fls.doubleclick.net/activityi;src=4411460;type=PicMo0;cat=PicMo0;ord=14214278109625" width="1" height="1" frameborder="0" style="display:none"></iframe>
<iframe src="dialog/no_javascript"></iframe>
<iframe src="//-4411460.fls.doubleclick.net/activityi;src=4411460;type=PicMo0;cat=PicMo0;ord=81188917115439" width="1" height="1" frameborder="0" style="display:none"></iframe>
Just a note, social media buttons often show up here. They are probably OK.
polonus (volunteer website security analyst and website error-hunter)