Author Topic: Not much attention for retirable jQuery library code!  (Read 880 times)

polonus
Not much attention for retirable jQuery library code!
« on: June 11, 2018, 11:50:16 PM »
Where: https://retire.insecurity.today/#!/scan/bdc2399622a0f523b9a2796dc8f5d9be6b14c3159d0c1ec38906cfa983fc4682
See error in code:
Quote
-home.bt.com/etc.clientlibs/clientlibs/granite/jquery.min.js
     status: saved 113230 bytes 48b04ed0c0b60d52b03bb9e6bf18b02d7a40ec89
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [decodingLevel=0] found JavaScript
     error: undefined variable cI
     file: 48b04ed0c0b60d52b03bb9e6bf18b02d7a40ec89: 113230 bytes
41 sources and 18 sinks found in: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fhome.bt.com%2Fetc.clientlibs%2Fclientlibs%2Fgranite%2Fjquery.min.js

Why? $.parseHTML has (lots) of XSS issues and can't be labeled as secure in its current implementation.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
And this one still with malware?
« Reply #1 on: June 12, 2018, 09:30:34 PM »
Re: https://urlquery.net/report/d405399f-afae-419d-a5ea-cff4313d99d6
See where it is flagged as a blacklisted site: https://sitecheck.sucuri.net/results/www.xymetri.com#
Website Blacklist Status
Domain blacklisted by Norton Safe Web
Domain blacklisted By Yandex (via Sophos)
Error
Quote

-www.xymetri.com/wp-content/themes/v2/c.js
     status: saved 2588 bytes 02e5ae37a4248ce0515b9e2b3536dc0f7e29f225
     info: [decodingLevel=0] found JavaScript
     error: undefined function document.addEventListener
     file: 02e5ae37a4248ce0515b9e2b3536dc0f7e29f225: 2588 bytes
Consider also: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.xymetri.com%2Fwp-content

polonus (volunteer website security analyst and website error-hunter)