Hi Schimbischi,
Good news, as Avast online no longer flags this website. However, there are some issues to look into, as retirable code was found on that website:
bootstrap 3.3.4
Found in -https://www.companisto.com/code/bootstrap/dist/js/bootstrap.min.js
Vulnerability info:
Medium 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
Medium XSS is possible in the data-target attribute. CVE-2016-10735
jquery 1.11.2.min
Found in -https://cdn.companisto.com/code/scripts/jquery-1.11.2.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Files not found as blocked by browser:
File not found: -https://bat.bing.com/bat.js
File not found: -https://www.googletagmanager.com/gtm.js?id=GTM-KHVZHHS
File not found: -https://www.googletagmanager.com/gtm.js?id=GTM-PC9BJK
File not found: -https://cdn.scarabresearch.com/js/1CEA86B5EC4A5E84/scarab-v2.js
Tracker SSL warns:
Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -companisto.com to fix it.
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
-companisto_6325ea5d4a274 wXw.companisto.com ctx_id
Legend
Tracking IDs could be sent safely if this site was secure.
Tracking IDs do not support secure transmission.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)