Vulnerability Scan Result

Target:

http://benyono.dokspace.net/ (redirect)

Scanned target: https://benyono.dokspace.net/16681754.0

Submitted: May 04, 2026 from BW

Public Scan

Scan mode: Passive (non-intrusive)

Summary

high

Info

Low

Medium

High

Critical

Screenshot

Title:	Einloggen - Benyono Testplattform
Description:	No description found

IP Information

ip_address	148.251.10.240
country	DE
network_name	Hetzner Online GmbH
asn	AS24940

Open Ports

25/tcp	smtp	Exim smtpd 4.89
53/tcp	domain	NLnet Labs NSD 4.1.14
80/tcp	http	Apache httpd 2.4.25
110/tcp	tcpwrapped	- -
143/tcp	tcpwrapped	- -
443/tcp	https	Apache httpd 2.4.25

Web Technologies

Software / Version	Category
cdnjs	CDN
Debian	Operating systems
Font Awesome	Font scripts
Material Design Lite	UI frameworks
prettyPhoto	JavaScript libraries
Apache HTTP Server 2.4.25	Web servers
jQuery 1.10.2	JavaScript libraries
jQuery UI 1.10.4	JavaScript libraries
Modernizr 2.6.2	JavaScript libraries
OpenLayers	Maps
PHP	Programming languages
Polyfill 2	JavaScript libraries
Cloudflare	CDN
jsDelivr	CDN
Lodash 1.8.3	JavaScript libraries
Kendo UI 2016.2.504	UI frameworks

Web Application Vulnerabilities

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	Summary
CVE-2024-38476	9.8	0.04554	0.89234	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVE-2024-38474	9.8	0.00994	0.77029	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
CVE-2023-25690	9.8	0.68183	0.98615	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
CVE-2022-31813	9.8	0.00043	0.13084	Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
CVE-2022-23943	9.8	0.60552	0.983	Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

Vulnerability description

Outdated or vulnerable software components include versions of server-side software that are no longer supported or have known, publicly disclosed vulnerabilities. Using outdated software significantly increases the attack surface of a system and may allow unauthorized access, data leaks, or service disruptions. Vulnerabilities in these components are often well-documented and actively exploited by attackers. Without security patches or vendor support, any weaknesses remain unmitigated, exposing the application to risks. In some cases, even after patching, the reported version may remain unchanged, requiring manual verification.

Risk description

The risk is that an attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to attack the system. Since the vulnerabilities were discovered using only version-based testing, the risk level for this finding will not exceed 'high' severity. Critical risks will be assigned to vulnerabilities identified through accurate active testing methods.

Recommendation

In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.

Classification

CWE	CWE-1035
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	Summary
CVE-2020-11023	6.9	0.66129	0.98535	In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	6.9	0.07042	0.91527	In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	6.1	0.02426	0.85206	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	6.1	0.27164	0.96407	jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Vulnerability description

Risk description

Recommendation

In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.

Classification

CWE	CWE-1035
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	Summary
CVE-2021-41184	6.5	0.25367	0.96233	jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41183	6.5	0.02921	0.86452	jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CVE-2021-41182	6.5	0.27509	0.96446	jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CVE-2022-31160	6.1	0.10183	0.93157	jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CVE-2016-7103	6.1	0.01397	0.80499	Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Vulnerability description

Risk description

Recommendation

In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.

Classification

CWE	CWE-1035
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Cookie Name	Evidence
https://benyono.dokspace.net/16681754.0	FCS_SESSION_ID	The server responded with Set-Cookie header(s) that does not specify the HttpOnly flag: Set-Cookie: FCS_SESSION_ID=17778853806761071596179219872457

Vulnerability description

We found that a cookie has been set without the HttpOnly flag, which means it can be accessed by potentially malicious JavaScript code running inside the web page. The root cause for this usually revolves around misconfigurations in the code or server settings.

Risk description

The risk is that an attacker who injects malicious JavaScript code on the page (e.g. by using an XSS attack) can access the cookie and can send it to another site. In case of a session cookie, this could lead to session hijacking.

Recommendation

Ensure that the HttpOnly flag is set for all cookies.

Classification

CWE	CWE-1004
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Cookie Name	Evidence
https://benyono.dokspace.net/16681754.0	FCS_SESSION_ID	Set-Cookie: FCS_SESSION_ID=17778853806761071596179219872457

Vulnerability description

We found that a cookie has been set without the Secure flag, which means the browser will send it over an unencrypted channel (plain HTTP) if such a request is made. The root cause for this usually revolves around misconfigurations in the code or server settings.

Risk description

The risk exists that an attacker will intercept the clear-text communication between the browser and the server and he will steal the cookie of the user. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Recommendation

Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.

Classification

CWE	CWE-614
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Evidence
https://benyono.dokspace.net/16681754.0	Response headers do not include the X-Content-Type-Options HTTP security header

Vulnerability description

We noticed that the target application's server responses lack the X-Content-Type-Options header. This header is particularly important for preventing Internet Explorer from reinterpreting the content of a web page (MIME-sniffing) and thus overriding the value of the Content-Type header.

Risk description

The risk is that lack of this header could make possible attacks such as Cross-Site Scripting or phishing in Internet Explorer browsers.

Recommendation

We recommend setting the X-Content-Type-Options header such as `X-Content-Type-Options: nosniff`.

Classification

CWE	CWE-693
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Evidence
https://benyono.dokspace.net/16681754.0	Response does not include the HTTP Content-Security-Policy security header or meta tag

Vulnerability description

We noticed that the target application lacks the Content-Security-Policy (CSP) header in its HTTP responses. The CSP header is a security measure that instructs web browsers to enforce specific security rules, effectively preventing the exploitation of Cross-Site Scripting (XSS) vulnerabilities.

Risk description

The risk is that if the target application is vulnerable to XSS, lack of this header makes it easily exploitable by attackers.

Recommendation

Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the application.

Classification

CWE	CWE-1021
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Evidence
https://benyono.dokspace.net/16681754.0	Response headers do not include the Referrer-Policy HTTP security header as well as the `<meta/>` tag with name 'referrer' is not present in the response.

Vulnerability description

We noticed that the target application's server responses lack the Referrer-Policy HTTP header, which controls how much referrer information the browser will send with each request originated from the current web application.

Risk description

The risk is that if a user visits a web page (e.g. "http://example.com/pricing/") and clicks on a link from that page going to e.g. "https://www.google.com", the browser will send to Google the full originating URL in the `Referer` header, assuming the Referrer-Policy header is not set. The originating URL could be considered sensitive information and it could be used for user tracking.

Recommendation

The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value `no-referrer` of this header instructs the browser to omit the Referer header entirely.

Classification

CWE	CWE-693
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

Software / Version	Category
cdnjs	CDN
Debian	Operating systems
Font Awesome	Font scripts
Material Design Lite	UI frameworks
prettyPhoto	JavaScript libraries
Apache HTTP Server 2.4.25	Web servers
jQuery 1.10.2	JavaScript libraries
jQuery UI 1.10.4	JavaScript libraries
Modernizr 2.6.2	JavaScript libraries
OpenLayers	Maps
PHP	Programming languages
Polyfill 2	JavaScript libraries
Cloudflare	CDN
jsDelivr	CDN
Lodash 1.8.3	JavaScript libraries
Kendo UI 2016.2.504	UI frameworks

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Risk description

The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.

Classification

CWE	CWE-200
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Evidence
https://benyono.dokspace.net/16681754.0	Response headers do not include the HTTP Strict-Transport-Security header

Vulnerability description

We noticed that the target application lacks the HTTP Strict-Transport-Security header in its responses. This security header is crucial as it instructs browsers to only establish secure (HTTPS) connections with the web server and reject any HTTP connections.

Risk description

The risk is that lack of this header permits an attacker to force a victim user to initiate a clear-text HTTP connection to the server, thus opening the possibility to eavesdrop on the network traffic and extract sensitive information (e.g. session cookies).

Recommendation

The Strict-Transport-Security HTTP header should be sent with each HTTPS response. The syntax is as follows: `Strict-Transport-Security: max-age=<seconds>[; includeSubDomains]` The parameter `max-age` gives the time frame for requirement of HTTPS in seconds and should be chosen quite high, e.g. several months. A value below 7776000 is considered as too low by this scanner check. The flag `includeSubDomains` defines that the policy applies also for sub domains of the sender of the response.

Classification

CWE	CWE-693
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Method	Summary
https://benyono.dokspace.net/16681754.0	OPTIONS	We did a HTTP OPTIONS request. The server responded with a 200 status code and the header: `Allow: GET,HEAD,POST,OPTIONS,HEAD,HEAD` Request / Response

Vulnerability description

We have noticed that the webserver responded with an Allow HTTP header when an OPTIONS HTTP request was sent. This method responds to requests by providing information about the methods available for the target resource.

Risk description

The only risk this might present nowadays is revealing debug HTTP methods that can be used on the server. This can present a danger if any of those methods can lead to sensitive information, like authentication information, secret keys.

Recommendation

We recommend that you check for unused HTTP methods or even better, disable the OPTIONS method. This can be done using your webserver configuration.

Classification

CWE	CWE-16
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Method	Parameters	Evidence
https://benyono.dokspace.net/lib/config_js.comp	GET	Query: doctype=login forumid=2778 id= v= Headers: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Cookies: FCS_COUNTER_2778=202022464 FCS_SESSION_ID=17778853818897489370840514630333	Email Address: office@dokspace.com

Vulnerability description

We noticed that this web application exposes email addresses, which might be unintended. While not inherently a vulnerability, this information could be leveraged in social engineering or spam related activities.

Risk description

The risk is that exposed email addresses within the application could be accessed by unauthorized parties. This could lead to privacy violations, spam, phishing attacks, or other forms of misuse.

Recommendation

Compartmentalize the application to have 'safe' areas where trust boundaries can be unambiguously drawn. Do not allow email addresses to go outside of the trust boundary, and always be careful when interfacing with a compartment outside of the safe area.

Classification

CWE	CWE-200
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Evidence
https://benyono.dokspace.net/16681754.0	`<input tabindex="1" id="loginform-input-username" type="text" name="username" value="" maxlength="230"> <input tabindex="2" id="loginform-input-password" type="password" name="password" value="" maxlength="30"> <input tabindex="4" class="btn" type="submit" name="Submit" value=" Login ">`

Vulnerability description

We have discovered that the target application presents a login interface that could be a potential target for attacks. While login interfaces are standard for user authentication, they can become vulnerabilities if not properly secured.

Risk description

The risk is that an attacker could use this interface to mount brute force attacks against known passwords and usernames combinations leaked throughout the web.

Recommendation

Ensure each interface is not bypassable using common knowledge of the application or leaked credentials using occasional password audits.

Classification

CWE	CWE-287
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Method	Parameters	Evidence
https://benyono.dokspace.net/16681754.0	GET	Headers: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36	Operating system paths found in the HTTP response: `/lib/faviconprint.comp` `/lib/loadcss.comp` `/lib/config_js.comp` `/lib/loadjs.comp`

Vulnerability description

We found operating system paths returned in a HTTP response.

Risk description

The risk is that path disclosure may help an attacker learn more about the remote server's file system, thus increasing the effectiveness and precision of any future attacks.

Recommendation

Configure the web server to avoid leaking path information by using generic error messages that do not reveal any internal file paths. Make sure no server file is referred with its absolute path in the website code.

Classification

CWE	CWE-200
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Method	Parameters	Evidence
https://benyono.dokspace.net/lib/config_js.comp	GET	Query: doctype=login forumid=2778 id= v= Headers: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Cookies: FCS_COUNTER_2778=202022464 FCS_SESSION_ID=17778853818897489370840514630333	Possible API endpoint found at `/lib/config_js.comp`

Vulnerability description

We found API endpoints while crawling the given web application.

Risk description

These endpoints may represent an attack surface for malicious actors interested in API-specific vulnerabilities.

Recommendation

Use the API Scanner to perform a more thorough vulnerability check for these endpoints, if an API specification is present.

Infrastructure Vulnerabilities

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	CISA KEV	Summary
CVE-2023-42117	9.8	0.0735	0.91733	No	Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.
CVE-2023-42116	9.8	0.06734	0.91324	No	Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17515.
CVE-2023-42115	9.8	0.70686	0.9871	No	Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17434.
CVE-2022-37452	9.8	0.04696	0.89397	No	Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
CVE-2020-28026	9.8	0.04287	0.88899	No	Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.

Vulnerability description

Vulnerabilities found for Exim Smtpd 4.89

Risk description

These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of service attacks. An attacker could search for an appropriate exploit (or create one) for any of these vulnerabilities and use it to attack the system. Notes: - The vulnerabilities are identified based on the server's version.; - Only the first 5 vulnerabilities with the highest risk are shown for each port.; Since the vulnerabilities were discovered using only version-based testing, the risk level for this finding will not exceed "high" severity. Critical risks will be assigned to vulnerabilities identified through accurate active testing methods.

Recommendation

We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	CISA KEV	Summary
CVE-2024-38476	9.8	0.04554	0.89234	No	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVE-2024-38474	9.8	0.00994	0.77029	No	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
CVE-2023-25690	9.8	0.68183	0.98615	No	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
CVE-2022-31813	9.8	0.00043	0.13084	No	Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
CVE-2022-23943	9.8	0.60552	0.983	No	Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

Vulnerability description

Vulnerabilities found for Apache HTTP Server 2.4.25

Risk description

Recommendation

We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	CISA KEV	Summary
CVE-2021-41184	6.5	0.25367	0.96233	No	jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41183	6.5	0.02921	0.86452	No	jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CVE-2021-41182	6.5	0.27509	0.96446	No	jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CVE-2022-31160	6.1	0.10183	0.93157	No	jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
CVE-2016-7103	6.1	0.01397	0.80499	No	Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

Vulnerability description

Vulnerabilities found for jQuery UI 1.10.4

Risk description

Recommendation

We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	CISA KEV	Summary
CVE-2020-11023	6.9	0.66129	0.98535	Yes	In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	6.9	0.07042	0.91527	No	In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	6.1	0.02426	0.85206	No	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	6.1	0.27164	0.96407	No	jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Vulnerability description

Vulnerabilities found for jQuery 1.10.2

Risk description

Recommendation

We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

Evidence

We managed to detect that exim has reached the End-of-Life (EOL).

Version detected: 4.89 End-of-life date: 2017-12-19 Latest version for the cycle: 4.89.1 This release cycle (4.89) doesn't have long-term-support (LTS). The cycle was released on 2017-03-07 and its latest release date was 2017-11-29.

Risk description

Using end-of-life (EOL) software poses significant security risks for organizations. EOL software no longer receives updates, including critical security patches. This creates a vulnerability landscape where known and potentially new security flaws remain unaddressed, making the software an attractive target for malicious actors. Attackers can exploit these vulnerabilities to gain unauthorized access, disrupt services, or steal sensitive data. Moreover, without updates, compatibility issues arise with newer technologies, leading to operational inefficiencies and increased potential for system failures. Additionally, regulatory and compliance risks accompany the use of EOL software. Many industries have strict data protection regulations that require up-to-date software to ensure the highest security standards. Non-compliance can result in hefty fines and legal consequences. Organizations also risk damaging their reputation if a breach occurs due to outdated software, eroding customer trust and potentially leading to a loss of business. Therefore, continuing to use EOL software undermines both security posture and business integrity, necessitating timely upgrades and proactive risk management strategies.

Recommendation

To mitigate the risks associated with end-of-life (EOL) software, it's crucial to take proactive steps. Start by identifying any EOL software currently in use within your organization. Once identified, prioritize upgrading or replacing these applications with supported versions that receive regular updates and security patches. This not only helps close security gaps but also ensures better compatibility with newer technologies, enhancing overall system efficiency and reliability.Additionally, develop a comprehensive software lifecycle management plan. This plan should include regular audits to identify upcoming EOL dates and a schedule for timely updates or replacements. Train your IT staff and users about the importance of keeping software up to date and the risks associated with using outdated versions. By maintaining a proactive approach to software management, you can significantly reduce security risks, ensure compliance with industry regulations, and protect your organization's reputation and customer trust.

Evidence

We managed to detect that jQuery has reached the End-of-Life (EOL).

Version detected: 1.10.2 Latest version for the cycle: 1.12.4 This release cycle (1) doesn't have long-term-support (LTS). The cycle was released on 2006-08-31 and its latest release date was 2016-05-20.

Risk description

Recommendation

Evidence

Domain Queried	DNS Record Type	Description	Value
benyono.dokspace.net	A	IPv4 address	148.251.10.240

Risk description

An initial step for an attacker aiming to learn about an organization involves conducting searches on its domain names to uncover DNS records associated with the organization. This strategy aims to amass comprehensive insights into the target domain, enabling the attacker to outline the organization's external digital landscape. This gathered intelligence may subsequently serve as a foundation for launching attacks, including those based on social engineering techniques. DNS records pointing to services or servers that are no longer in use can provide an attacker with an easy entry point into the network.

Recommendation

We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.

Evidence

Software / Version	Category
PHP	Programming languages
OpenLayers	Maps
Debian	Operating systems
Material Design Lite	UI frameworks
Material UI	UI frameworks
Apache HTTP Server 2.4.25	Web servers
React	JavaScript frameworks
Cloudflare	CDN
Polyfill 2	JavaScript libraries
Lodash	JavaScript libraries
jsDelivr	CDN
jQuery UI 1.10.4	JavaScript libraries
jQuery 1.10.2	JavaScript libraries
cdnjs	CDN

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Risk description

The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.