2025-12-26 13:38:04 +01:00

# XSS Vulnerability Scan - 20251123-124317
== v-html Usage (Vue XSS vector) ==
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:53: v-html="renderedContent"
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/BusinessPlanGenerator.vue:35: v-html="renderedPlan"
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/GovernanceCharterGenerator.vue:35: v-html="renderedCharter"
/home/administrator/projects/coppertone.tech/frontend/src/views/ArticleDetailView.vue:33: <div class="article-content text-base sm:text-lg text-gray-800 leading-relaxed" v-html="article.content"></div>
/home/administrator/projects/coppertone.tech/frontend/src/views/ServiceDetailView.vue:33: <div class="service-content text-base sm:text-lg text-gray-800 leading-relaxed" v-html="service.content"></div>
== innerHTML Usage ==
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/BusinessPlanGenerator.vue:357: ${planContent.value?.innerHTML || ''}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/GovernanceCharterGenerator.vue:476: ${charterContent.value?.innerHTML || ''}
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:10758: * The **`innerHTML`** property of the Element interface gets or sets the HTML or XML markup contained within the element.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:10760: * [MDN Reference](https://developer.mozilla.org/docs/Web/API/Element/innerHTML)
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:10762: innerHTML: string;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:30754: * The **`innerHTML`** property of the ShadowRoot interface sets gets or sets the HTML markup to the DOM tree inside the `ShadowRoot`.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:30756: * [MDN Reference](https://developer.mozilla.org/docs/Web/API/ShadowRoot/innerHTML)
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/typescript@5.9.3/node_modules/typescript/lib/lib.dom.d.ts:30758: innerHTML: string;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/parse5@8.0.0/node_modules/parse5/dist/index.d.ts:65: * @param fragmentContext Parsing context element. If specified, given fragment will be parsed as if it was set to the context element's `innerHTML` property.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/cypress@15.7.0/node_modules/cypress/types/jquery/JQueryStatic.d.ts:84: * @example ````Create a div element (and all of its contents) dynamically and append it to the body element. Internally, an element is created and its innerHTML property set to the given markup.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/cypress@15.7.0/node_modules/cypress/types/jquery/JQuery.d.ts:4558: a.push( divs[ i ].innerHTML );
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/cypress@15.7.0/node_modules/cypress/types/jquery/JQuery.d.ts:11472: a.push( divs[ i ].innerHTML );
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/@vue+runtime-dom@3.5.24/node_modules/@vue/runtime-dom/dist/runtime-dom.d.ts:390: innerHTML?: string | undefined;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/@vue+runtime-dom@3.5.24/node_modules/@vue/runtime-dom/dist/runtime-dom.d.ts:835: innerHTML?: string | undefined;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/parse5@7.3.0/node_modules/parse5/dist/index.d.ts:65: * @param fragmentContext Parsing context element. If specified, given fragment will be parsed as if it was set to the context element's `innerHTML` property.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.pnpm/parse5@7.3.0/node_modules/parse5/dist/cjs/index.d.ts:65: * @param fragmentContext Parsing context element. If specified, given fragment will be parsed as if it was set to the context element's `innerHTML` property.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/jsdom/node_modules/parse5/dist/index.d.ts:65: * @param fragmentContext Parsing context element. If specified, given fragment will be parsed as if it was set to the context element's `innerHTML` property.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/cypress/types/jquery/JQueryStatic.d.ts:84: * @example ````Create a div element (and all of its contents) dynamically and append it to the body element. Internally, an element is created and its innerHTML property set to the given markup.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/cypress/types/jquery/JQuery.d.ts:4558: a.push( divs[ i ].innerHTML );
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/cypress/types/jquery/JQuery.d.ts:11472: a.push( divs[ i ].innerHTML );
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/typescript/lib/lib.dom.d.ts:10758: * The **`innerHTML`** property of the Element interface gets or sets the HTML or XML markup contained within the element.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/typescript/lib/lib.dom.d.ts:10760: * [MDN Reference](https://developer.mozilla.org/docs/Web/API/Element/innerHTML)
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/typescript/lib/lib.dom.d.ts:10762: innerHTML: string;
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/typescript/lib/lib.dom.d.ts:30754: * The **`innerHTML`** property of the ShadowRoot interface sets gets or sets the HTML markup to the DOM tree inside the `ShadowRoot`.
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/typescript/lib/lib.dom.d.ts:30756: * [MDN Reference](https://developer.mozilla.org/docs/Web/API/ShadowRoot/innerHTML)
/home/administrator/projects/coppertone.tech/frontend/node_modules/.ignored/typescript/lib/lib.dom.d.ts:30758: innerHTML: string;
/home/administrator/projects/coppertone.tech/frontend/node_modules/parse5/dist/index.d.ts:65: * @param fragmentContext Parsing context element. If specified, given fragment will be parsed as if it was set to the context element's `innerHTML` property.
/home/administrator/projects/coppertone.tech/frontend/node_modules/parse5/dist/cjs/index.d.ts:65: * @param fragmentContext Parsing context element. If specified, given fragment will be parsed as if it was set to the context element's `innerHTML` property.
/home/administrator/projects/coppertone.tech/frontend/node_modules/@vue/runtime-dom/dist/runtime-dom.d.ts:390: innerHTML?: string | undefined;
/home/administrator/projects/coppertone.tech/frontend/node_modules/@vue/runtime-dom/dist/runtime-dom.d.ts:835: innerHTML?: string | undefined;
== document.write Usage ==
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/BusinessPlanGenerator.vue:342: printWindow.document.write(`
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/GovernanceCharterGenerator.vue:453: printWindow.document.write(`
== Template Literal Injection ==
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:96:**${name}** — ${getAnswer('8.2.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:99:${getAnswer('1.1.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:109:${getAnswer('1.1.1')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:112:${getAnswer('8.2.1')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:115:${getAnswer('8.2.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:121:${getAnswer('1.2.1')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:124:${getAnswer('1.2.3')} — ${getAnswer('1.2.4')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:131:> ${getAnswer('1.1.3')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:144:Contact us today to discuss how we can help with ${getAnswer('1.2.1')}.
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:146:**Serving:** ${getAnswer('1.2.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:159:${name} is a trust-operated business providing ${getAnswer('1.2.1')}.
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:162:> ${getAnswer('1.1.3')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:165:${getAnswer('1.1.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:172:${getAnswer('1.2.3')} — ${getAnswer('1.2.4')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:176:- **Professional Excellence:** ${getAnswer('7.3.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:177:- **Client Focus:** ${getAnswer('8.2.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:184:${name} operates as a DBA under a ${getAnswer('2.1.3')} trust. This structure provides:
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:188:- Tax efficiency (${getAnswer('2.1.2')})
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:191:${getAnswer('5.1.1')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:198:${getAnswer('3.4.1')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:200:${getAnswer('3.4.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:206:**Location:** ${getAnswer('7.1.1')} — ${getAnswer('7.1.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:217:${getAnswer('1.2.1')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:224:${getAnswer('7.3.1')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:227:${getAnswer('7.3.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:234:${getAnswer('9.3.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:241:${getAnswer('1.2.2')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:244:${getAnswer('1.2.3')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:245:${getAnswer('1.2.4')}
/home/administrator/projects/coppertone.tech/frontend/src/components/trustBusiness/WebsiteCopyGenerator.vue:252:${getAnswer('7.2.1')}