Security Analysis for:
https://cearanoivas.com.br

Snyk’s security scan found the following vulnerabilities affecting your website. Ready to fix your vulnerabilities? Automatically find, fix, and monitor vulnerabilities for free with Snyk.


Fix for free

Full report

 See on WebPageTest

Scan time

 12/8/2022
10:42:02 PM

Webpage Security Score

F

A+ is the best score you can get.
Learn more about this score.
Fix JavaScript vulnerabilities in your project with Snyk (or try the free & open source CLI) Test and protect my website

JavaScript Libraries with vulnerabilities

Great job! No known versions of vulnerable JavaScript libraries were detected in this website.


Monitor my web application's project dependencies

Security headers

HTTP security headers enable better browser security policies.

Recently-discovered vulnerabilities on the Snyk database:

Date disclosed Vulnerable library Vulnerable version detected Vulnerability
2020/06/11
  • H
angular 		<1.8.0 Cross-site Scripting (XSS)
2020/06/07
  • M
angular 		<1.8.0 Cross-site Scripting (XSS)
2020/05/19
  • M
jquery 		<1.9.0 Cross-site Scripting (XSS)
2020/05/11
  • M
buefy 		<0.8.18 Cross-site Scripting (XSS)
2020/04/29
  • M
jquery 		>=1.2.0 <3.5.0 Cross-site Scripting (XSS)
2020/04/28
  • M
lodash 		<4.17.16 Prototype Pollution
2020/04/13
  • M
jquery 		>=1.0.3 <3.5.0 Cross-site Scripting (XSS)
2019/07/02
  • H
lodash 		<4.17.12 Prototype Pollution
2019/02/15
  • H
lodash 		<3.4.1,>=4.0.0 <4.3.1 Cross-site Scripting (XSS)

New vulnerabilities are continuously found for jQuery, lodash, Angular and other libraries.
Monitor these libraries to protect your web application.

Stay up to date on CVEs by connecting your project to Snyk to receive automated notifications & fixes.
The following security headers are missing from the website:
high severity

Strict Transport Security

A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

Strict Transport Security documentation
low severity

X Content Type Options

The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions

X Content Type Options documentation
medium severity

X Frame Options

Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location

X Frame Options documentation
high severity

Content Security Policy

A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context

Content Security Policy documentation
low severity

X XSS Protection

A Cross-site scripting filter

X XSS Protection documentation
Report a new vulnerability