Witam d4rfl0w,
It is not only avast that flags your site as being blacklisted, also McAfee has it blacklisted.
And 1 vendor still flags at VT:
https://www.virustotal.com/gui/url/dbac91801e18e4c964f041ad4063e3c0a87a7e1cbdcbbb9d25a79004fd896767?nocache=1I take it that you do not use MySQL smarty cache anymore, and now work Presta Shop CMS version 1.7.8.7,,
not vulnerable to SQL injection. PrestaShop CMS was being attacked from the 22 second of the previous month. Mind also that your PHP version is outdated!
In case your site is not vulnerable anymore, wait for a final verdict from avast team, as it is their definitions and they are the only ones to come and unblock in case of an FP. I see no CSP was found.
Retirable code detected:
bootstrap 3.2.0 Found in -htxps://5palcow.pl/themes/theme1138/cache/v_90_489ec085cf8d6f42ea9067ec79a88b42.js _____Vulnerability info:
Medium 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 1
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
Medium XSS is possible in the data-target attribute. CVE-2016-10735
jquery-migrate 1.2.1 Found
- htxps://5palcow.pl/themes/theme1138/cache/v_90_489ec085cf8d6f42ea9067ec79a88b42.js _____Vulnerability info:
Medium 11290 Selector interpreted as HTML 12
jquery 1.11.0 Found in
-htxps://5palcow.pl/themes/theme1138/cache/v_90_489ec085cf8d6f42ea9067ec79a88b42.js _____Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
pozdrawiam,
polonus (volunteer 3rd party cold reconnaissance website-security-analyst and website error-hunter)