Home/Alerts/Alert detail/

Dangerous JS Functions

Risk:
Low

Type:
Passive

CWE:
CWE-749

Summary: A dangerous JS function seems to be in use that would leave the site vulnerable.

Solution: See the references for security advice on the use of these functions.

References: https://angular.io/guide/security

Top Security News

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

Bitbucket services “hard down” due to major worldwide outage

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

Windows Server 2025 released—here are the new features

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon

TikTok is back up in the US after Trump says he will extend deadline

Common Alerts

MediumHTTP to HTTPS Insecure Transition in Form Post

MediumVulnerable JS Library

HighNoSQL Injection - MongoDB (Time Based)

HighPath Traversal

InformationalBase64 Disclosure

InformationalCross Site Scripting (Persistent) - Spider

InformationalContent-Type Header Empty

LowDangerous JS Functions

HighLDAP Injection

LowDeprecated Feature Policy Header Set

Latest CVE List

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

CVE-2025-21334 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability

CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability

CVE-2025-0282 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Common CWEs

HighCWE-309 Use of Password System for Primary Authentication

CWE-786 Access of Memory Location Before Start of Buffer

HighCWE-650 Trusting HTTP Permission Methods on the Server Side

CWE-488 Exposure of Data Element to Wrong Session

CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session

CWE-193 Off-by-one Error

CWE-373 DEPRECATED: State Synchronization Error

CWE-765 Multiple Unlocks of a Critical Resource

CWE-377 Insecure Temporary File

Free online web security scanner

Don't show website scan report rating on the leaderboard