Vulnerability Scan Result
| Title: | Crowdfunding bei wemakeit |
| Description: | Gemeinsam Projekte starten: wemakeit ist die Crowdfunding-Plattform für kreative Ideen und innovative Produkte. Mach mit! |
| IP address | 216.24.57.1 |
| Country | US  |
| AS number | AS397273 |
| Net name | Render |
80/tcp | http | Cloudflare http proxy |
443/tcp | https | cloudflare |
8080/tcp | http | Cloudflare http proxy |
8443/tcp | https-alt | cloudflare |
| Software / Version | Category |
|---|---|
| Cloudinary | CDN, Digital asset management |
| Matomo Tag Manager | Tag managers |
| HTTP/3 | Miscellaneous |
| jQuery 1.12.4 | JavaScript libraries |
| jQuery UI 1.12.1 | JavaScript libraries |
| Matomo Analytics | Analytics |
| Open Graph | Miscellaneous |
| Render | PaaS |
| Ruby | Programming languages |
| Ruby on Rails | Web frameworks |
| Vue.js 2.5.13 | JavaScript frameworks |
| Cloudflare | CDN |
| Dropzone 5.7.1 | JavaScript libraries |
Web Application Vulnerabilities
Evidence
| URL | Cookie Name | Evidence |
|---|---|---|
| https://wemakeit.com/users/diana-691 | _session_id | Set-Cookie: _session_id=3ee4ea95f00239deb20ad7f9cad9affe |
Vulnerability description
We found that a cookie has been set without the <code>Secure</code> flag, which means the browser will send it over an unencrypted channel (plain HTTP) if such a request is made. The root cause for this usually revolves around misconfigurations in the code or server settings.
Recommendation
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
Classification
| CWE | CWE-614 |
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Evidence
| Risk Level | CVSS | CVE | Summary | Affected software |
|---|---|---|---|---|
| 6.1 | CVE-2022-31160 | jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. | jquery_ui 1.12.1 | |
| 4.3 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | jquery_ui 1.12.1 | |
| 4.3 | CVE-2021-41183 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | jquery_ui 1.12.1 | |
| 4.3 | CVE-2021-41184 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | jquery_ui 1.12.1 | |
| 4.3 | CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | jquery 1.12.4 | |
| 4.3 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | jquery 1.12.4 | |
| 4.3 | CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | jquery 1.12.4 | |
| 4.3 | CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | jquery 1.12.4 |
Vulnerability description
We noticed known vulnerabilities in the target application based on the server responses. They are usually related to outdated systems and expose the affected applications to the risk of unauthorized access to confidential data and possibly denial of service attacks. Depending on the system distribution the affected software can be patched but displays the same version, requiring manual checking.
Recommendation
In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.
Classification
| CWE | CWE-1026 |
| OWASP Top 10 - 2017 | A9 - Using Components with Known Vulnerabilities |
| OWASP Top 10 - 2021 | A6 - Vulnerable and Outdated Components |
Evidence
| URL | Evidence |
|---|---|
| https://wemakeit.com/users/diana-691 | Response does not include the HTTP Content-Security-Policy security header or meta tag |
Vulnerability description
We noticed that the target application lacks the Content-Security-Policy (CSP) header in its HTTP responses. The CSP header is a security measure that instructs web browsers to enforce specific security rules, effectively preventing the exploitation of Cross-Site Scripting (XSS) vulnerabilities.
Recommendation
Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the application.
Classification
| CWE | CWE-693 |
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Evidence
| URL | Evidence |
|---|---|
| https://wemakeit.com/users/diana-691 | Response headers do not include the HTTP Strict-Transport-Security header |
Vulnerability description
We noticed that the target application lacks the HTTP Strict-Transport-Security header in its responses. This security header is crucial as it instructs browsers to only establish secure (HTTPS) connections with the web server and reject any HTTP connections.
Recommendation
The Strict-Transport-Security HTTP header should be sent with each HTTPS response. The syntax is as follows: `Strict-Transport-Security: max-age=<seconds>[; includeSubDomains]` The parameter `max-age` gives the time frame for requirement of HTTPS in seconds and should be chosen quite high, e.g. several months. A value below 7776000 is considered as too low by this scanner check. The flag `includeSubDomains` defines that the policy applies also for sub domains of the sender of the response.
Classification
| CWE | CWE-693 |
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Evidence
| Software / Version | Category |
|---|---|
| Cloudinary | CDN, Digital asset management |
| Matomo Tag Manager | Tag managers |
| HTTP/3 | Miscellaneous |
| jQuery 1.12.4 | JavaScript libraries |
| jQuery UI 1.12.1 | JavaScript libraries |
| Matomo Analytics | Analytics |
| Open Graph | Miscellaneous |
| Render | PaaS |
| Ruby | Programming languages |
| Ruby on Rails | Web frameworks |
| Vue.js 2.5.13 | JavaScript frameworks |
| Cloudflare | CDN |
| Dropzone 5.7.1 | JavaScript libraries |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Classification
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Vulnerability description
Website is accessible.
Vulnerability description
We have noticed that the server is missing the security.txt file, which is considered a good practice for web security. It provides a standardized way for security researchers and the public to report security vulnerabilities or concerns by outlining the preferred method of contact and reporting procedures.
Recommendation
We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.
Classification
| OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
| OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Infrastructure Vulnerabilities
Evidence
| Risk level | CVSS | CVE | Summary | Exploit |
|---|---|---|---|---|
| 6.1 | CVE-2022-31160 | jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. | N/A | |
| 4.3 | CVE-2021-41182 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. | N/A | |
| 4.3 | CVE-2021-41183 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. | N/A | |
| 4.3 | CVE-2021-41184 | jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. | N/A |
Vulnerability description
Vulnerabilities found for jQuery UI 1.12.1
Recommendation
We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.
Evidence
| Risk level | CVSS | CVE | Summary | Exploit |
|---|---|---|---|---|
| 4.3 | CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | N/A | |
| 4.3 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | N/A | |
| 4.3 | CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | N/A | |
| 4.3 | CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | N/A |
Vulnerability description
Vulnerabilities found for jQuery 1.12.4
Recommendation
We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.
Evidence
| Domain Queried | DNS Record Type | Description | Value |
|---|---|---|---|
| wemakeit.com | SPF | Sender Policy Framework | "v=spf1 include:_spf.wemakeit.com include:mail.zendesk.com ~all" |
Vulnerability description
We found that the Sender Policy Framework (SPF) record for the domain is configured with ~all (soft fail), which indicates that emails from unauthorized IP addresses are not explicitly denied. Instead, the recipient mail server is instructed to treat these messages with suspicion but may still accept them. This configuration may not provide enough protection against email spoofing and unauthorized email delivery, leaving the domain more vulnerable to impersonation attempts.
Recommendation
We recommend changing the SPF record's ~all (soft fail) directive to -all (hard fail). The -all setting tells recipient mail servers to reject emails from any IP addresses not listed in the SPF record, providing stronger protection against email spoofing. Ensure that all legitimate IP addresses and services that send emails on behalf of your domain are properly included in the SPF record before implementing this change.
Evidence
| Domain Queried | DNS Record Type | Description | Value |
|---|---|---|---|
| _dmarc.wemakeit.com | TXT | Text record | "v=DMARC1;p=quarantine;sp=quarantine;pct=100;aspf=r;rua=mailto:re+qlc8uv1qaoo@dmarc.postmarkapp.com" |
Vulnerability description
We found that the DMARC record for the domain is not configured with ruf tag. A missing ruf (forensic reporting) tag in a DMARC record indicates that the domain owner has not enabled the collection of detailed failure reports. Forensic reports provide valuable insights into specific instances where emails fail DMARC authentication. Without the ruf tag, the domain administrator loses the ability to receive and analyze these reports, making it difficult to investigate individual email failures or identify targeted phishing or spoofing attacks that may be exploiting weaknesses in the email authentication setup.
Recommendation
We recommend configuring the ruf tag in the DMARC record. This tag specifies where forensic reports should be sent, providing the domain owner with detailed data on DMARC validation failures. Forensic reports allow administrators to analyze why certain emails failed authentication, making it easier to fine-tune DMARC policies or address potential vulnerabilities. Ensure that the ruf email address belongs to a secure and trusted location capable of handling sensitive email data.
Recommendation
To mitigate the risks associated with end-of-life (EOL) software, it's crucial to take proactive steps. Start by identifying any EOL software currently in use within your organization. Once identified, prioritize upgrading or replacing these applications with supported versions that receive regular updates and security patches. This not only helps close security gaps but also ensures better compatibility with newer technologies, enhancing overall system efficiency and reliability.Additionally, develop a comprehensive software lifecycle management plan. This plan should include regular audits to identify upcoming EOL dates and a schedule for timely updates or replacements. Train your IT staff and users about the importance of keeping software up to date and the risks associated with using outdated versions. By maintaining a proactive approach to software management, you can significantly reduce security risks, ensure compliance with industry regulations, and protect your organization's reputation and customer trust.
Recommendation
To mitigate the risks associated with end-of-life (EOL) software, it's crucial to take proactive steps. Start by identifying any EOL software currently in use within your organization. Once identified, prioritize upgrading or replacing these applications with supported versions that receive regular updates and security patches. This not only helps close security gaps but also ensures better compatibility with newer technologies, enhancing overall system efficiency and reliability.Additionally, develop a comprehensive software lifecycle management plan. This plan should include regular audits to identify upcoming EOL dates and a schedule for timely updates or replacements. Train your IT staff and users about the importance of keeping software up to date and the risks associated with using outdated versions. By maintaining a proactive approach to software management, you can significantly reduce security risks, ensure compliance with industry regulations, and protect your organization's reputation and customer trust.
Evidence
| Domain Queried | DNS Record Type | Description | Value |
|---|---|---|---|
| wemakeit.com | A | IPv4 address | 216.24.57.1 |
| wemakeit.com | NS | Name server | ns1.eurodns.com |
| wemakeit.com | NS | Name server | ns2.eurodns.com |
| wemakeit.com | NS | Name server | ns3.eurodns.com |
| wemakeit.com | NS | Name server | ns4.eurodns.com |
| wemakeit.com | MX | Mail server | 10 mail.wemakeit.com |
| wemakeit.com | MX | Mail server | 20 miro.wemakeit.com |
| wemakeit.com | SOA | Start of Authority | ns1.eurodns.com. hostmaster.eurodns.com. 2024060648 43200 7200 1209600 86400 |
| wemakeit.com | TXT | Text record | "facebook-domain-verification=q7fin9tj8rv3gx8b0ydo27v5q4trw0" |
| wemakeit.com | TXT | Text record | "google-site-verification=dAmYQikY1eYwlvxL1tixAUQUKwWUlM7WPuY-qLdUROw" |
| wemakeit.com | TXT | Text record | "google-site-verification=jyGzUvDu6T9QWHcdvDd2lNetCrzBczSB7VidgXQqJQM" |
| wemakeit.com | SPF | Sender Policy Framework | "v=spf1 include:_spf.wemakeit.com include:mail.zendesk.com ~all" |
| wemakeit.com | CAA | Certificate Authority Authorization | 0 issue "letsencrypt.org" |
| wemakeit.com | CAA | Certificate Authority Authorization | 0 issuewild "letsencrypt.org" |
| _dmarc.wemakeit.com | TXT | Text record | "v=DMARC1;p=quarantine;sp=quarantine;pct=100;aspf=r;rua=mailto:re+qlc8uv1qaoo@dmarc.postmarkapp.com" |
Recommendation
We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.
Vulnerability description
OS detection couldn't determine the operating system.
Recommendation
Vulnerability checks are skipped for ports that redirect to another port. We recommend scanning the redirected port directly.
Evidence
| DKIM selector | Key type | Key size | Value |
|---|---|---|---|
| k2 | rsa | 1422 | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA0b90ObWaLDc+i9MtTNmGeWO009hr20fIxhGg6XBT2kjZ1DTThopSe1nAndsupmcBwlQ5Q6LJ+ZAxLcujnPIxM0ZBLmgpkv8u6RfY4eFP8OLvdAW3oSu" "B0DyLDigQX4Sj8wBO4YIdQH6AAmBeOsidsKAFNFUCpc3vCxtBDR12U+cBg724l3sBkMQ8evnz6idnqxq9QAVYh8k4kJ+RP+6cqTdy7LjIm8xY/bQNpQIpGUAuDo2DjLcCDun9DAI4Q/3z+Q0o9QuQIDAQAB;" |
| k3 | rsa | 1422 | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYGiMSn7fsUqSvfSX40x9R1OlRtbNiCY80lHRIlcKx3XDIR7257aUx+q9CSIARdfTL6KCuLGNFx5g9TgVr6png4ajcieSQGtOehBgxnkDN8aAA5TX0FmFrcefJU0JoxLOF09EKgXxhSSHCk/ekVb0PXSboHXoZ9+EI404F1qhcwXXIgHXTaUthHTut2P6BBZh" "IXIgvDe/w49GchR7MRJqjNb7neEBbYHbgWuBTvvHCg7Gy6m6n9krYK+ROWq3dVvXy9plAGK3ygM+HtjIiMt7arRGMOF0WgDTz7YdN9BGpt6BvXxLnjiQcgS5T9n+cIyPZgiWzDMXNlaEEdKTEKxrwIDAQAB;" |
Evidence
| Software / Version | Category |
|---|---|
| Ruby | Programming languages |
| Ruby on Rails | Web frameworks |
| Cloudinary | CDN, Digital asset management |
| Vue.js 2.5.13 | JavaScript frameworks |
| Render | PaaS |
| jQuery UI 1.12.1 | JavaScript libraries |
| jQuery 1.12.4 | JavaScript libraries |
| Dropzone 5.7.1 | JavaScript libraries |
| Matomo Tag Manager | Tag managers |
| Matomo Analytics | Analytics |
| Cloudflare | CDN |
| Open Graph | Miscellaneous |
| HTTP/3 | Miscellaneous |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Evidence
| Software / Version | Category |
|---|---|
| Cloudflare | CDN |
| HTTP/3 | Miscellaneous |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Evidence
| Software / Version | Category |
|---|---|
| Cloudflare | CDN |
| HTTP/3 | Miscellaneous |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.