retire.js v2.0.0 Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json Loading from cache: https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json /home/dellwing/git/matomo/libs/bower_components/angular/angular.js ↳ angularjs 1.6.5 angularjs 1.6.5 has known vulnerabilities: severity: low; summary: XSS through SVG if enableSvg is set; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02 https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html /home/dellwing/git/matomo/libs/bower_components/angular/angular.min.js ↳ angularjs 1.6.5 angularjs 1.6.5 has known vulnerabilities: severity: low; summary: XSS through SVG if enableSvg is set; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02 https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html /home/dellwing/git/matomo/libs/bower_components/angular-animate/angular-animate.min.js ↳ angularjs 1.6.5 angularjs 1.6.5 has known vulnerabilities: severity: low; summary: XSS through SVG if enableSvg is set; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02 https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html /home/dellwing/git/matomo/libs/bower_components/angular-cookies/angular-cookies.min.js ↳ angularjs 1.6.5 angularjs 1.6.5 has known vulnerabilities: severity: low; summary: XSS through SVG if enableSvg is set; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02 https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html /home/dellwing/git/matomo/libs/bower_components/angular-sanitize/angular-sanitize.min.js ↳ angularjs 1.6.5 angularjs 1.6.5 has known vulnerabilities: severity: low; summary: XSS through SVG if enableSvg is set; https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02 https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html /home/dellwing/git/matomo/libs/bower_components/jquery-ui/bower.json ↳ jquery-ui 1.10.4 jquery-ui 1.10.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721 /home/dellwing/git/matomo/libs/bower_components/jquery/dist/jquery.js ↳ jquery 2.2.3 jquery 2.2.3 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/libs/bower_components/jquery/dist/jquery.min.js ↳ jquery 2.2.3 jquery 2.2.3 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/libs/bower_components/jquery/dist/jquery.slim.js ↳ jquery 3.0.0-beta1 jquery 3.0.0-beta1 has known vulnerabilities: severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/libs/bower_components/jquery/dist/jquery.slim.min.js ↳ jquery 3.0.0-beta1 jquery 3.0.0-beta1 has known vulnerabilities: severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/jquery-ui.custom.js ↳ jquery-ui-dialog 1.10.4 jquery-ui-dialog 1.10.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/jquery-ui.custom.js ↳ jquery-ui-autocomplete 1.10.4 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/jquery-ui.custom.js ↳ jquery-ui-tooltip 1.10.4 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/jquery-ui.js ↳ jquery-ui-dialog 1.10.4 jquery-ui-dialog 1.10.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/jquery-ui.js ↳ jquery-ui-autocomplete 1.10.4 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/jquery-ui.js ↳ jquery-ui-tooltip 1.10.4 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/jquery.ui.dialog.js ↳ jquery-ui-dialog 1.10.4 jquery-ui-dialog 1.10.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721 /home/dellwing/git/matomo/tests/javascript/frameworks/dojo/dojo-1.0.3.js ↳ dojo 1.0.3 dojo 1.0.3 has known vulnerabilities: severity: medium; CVE: CVE-2010-2275; http://www.cvedetails.com/cve/CVE-2010-2275/ severity: medium; CVE: CVE-2008-6681; http://www.cvedetails.com/cve/CVE-2008-6681/ severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/dellwing/git/matomo/tests/javascript/frameworks/dojo/dojo-1.1.2.js ↳ dojo 1.1.2 dojo 1.1.2 has known vulnerabilities: severity: medium; CVE: CVE-2010-2275; http://www.cvedetails.com/cve/CVE-2010-2275/ severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/dellwing/git/matomo/tests/javascript/frameworks/dojo/dojo-1.2.4.js ↳ dojo 1.2.4 dojo 1.2.4 has known vulnerabilities: severity: medium; CVE: CVE-2010-2275; http://www.cvedetails.com/cve/CVE-2010-2275/ severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/dellwing/git/matomo/tests/javascript/frameworks/dojo/dojo-1.3.3.js ↳ dojo 1.3.3 dojo 1.3.3 has known vulnerabilities: severity: medium; CVE: CVE-2010-2275; http://www.cvedetails.com/cve/CVE-2010-2275/ severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/dellwing/git/matomo/tests/javascript/frameworks/dojo/dojo-1.4.3.js ↳ dojo 1.4.3 dojo 1.4.3 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/dellwing/git/matomo/tests/javascript/frameworks/dojo/dojo-1.5.0.js ↳ dojo 1.5.0 dojo 1.5.0 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/dellwing/git/matomo/tests/javascript/frameworks/dojo/dojo-1.6.0.js ↳ dojo 1.6.0 dojo 1.6.0 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/dellwing/git/matomo/tests/javascript/frameworks/jquery/jquery-1.0.4.js ↳ jquery 1.0.4 jquery 1.0.4 has known vulnerabilities: severity: medium; CVE: CVE-2011-4969, summary: XSS with location.hash; https://nvd.nist.gov/vuln/detail/CVE-2011-4969 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/9521 severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/tests/javascript/frameworks/jquery/jquery-1.1.4.js ↳ jquery 1.1.4 jquery 1.1.4 has known vulnerabilities: severity: medium; CVE: CVE-2011-4969, summary: XSS with location.hash; https://nvd.nist.gov/vuln/detail/CVE-2011-4969 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/9521 severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/tests/javascript/frameworks/jquery/jquery-1.2.6.js ↳ jquery 1.2.6 jquery 1.2.6 has known vulnerabilities: severity: medium; CVE: CVE-2011-4969, summary: XSS with location.hash; https://nvd.nist.gov/vuln/detail/CVE-2011-4969 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/9521 severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/tests/javascript/frameworks/jquery/jquery-1.3.2.js ↳ jquery 1.3.2 jquery 1.3.2 has known vulnerabilities: severity: medium; CVE: CVE-2011-4969, summary: XSS with location.hash; https://nvd.nist.gov/vuln/detail/CVE-2011-4969 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/9521 severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/tests/javascript/frameworks/jquery/jquery-1.4.4.js ↳ jquery 1.4.4 jquery 1.4.4 has known vulnerabilities: severity: medium; CVE: CVE-2011-4969, summary: XSS with location.hash; https://nvd.nist.gov/vuln/detail/CVE-2011-4969 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/9521 severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/tests/javascript/frameworks/jquery/jquery-1.5.1.js ↳ jquery 1.5.1 jquery 1.5.1 has known vulnerabilities: severity: medium; CVE: CVE-2011-4969, summary: XSS with location.hash; https://nvd.nist.gov/vuln/detail/CVE-2011-4969 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/9521 severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ /home/dellwing/git/matomo/tests/javascript/frameworks/prototype/prototype-1.5.0.js ↳ prototypejs 1.5.0 prototypejs 1.5.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/ http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/ /home/dellwing/git/matomo/tests/javascript/frameworks/prototype/prototype-1.6.0.js ↳ prototypejs 1.6.0 prototypejs 1.6.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/ http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/ /home/dellwing/git/matomo/tests/javascript/frameworks/yui/yui-3.3.0.js ↳ YUI 3.3.0 YUI 3.3.0 has known vulnerabilities: severity: high; CVE: CVE-2013-4941; http://www.cvedetails.com/cve/CVE-2013-4941/ severity: high; CVE: CVE-2013-4940; http://www.cvedetails.com/cve/CVE-2013-4940/ severity: high; CVE: CVE-2013-4939; http://www.cvedetails.com/cve/CVE-2013-4939/ /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/minified/jquery-ui.custom.min.js ↳ jquery-ui-dialog 1.10.4 jquery-ui-dialog 1.10.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/minified/jquery-ui.custom.min.js ↳ jquery-ui-autocomplete 1.10.4 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/minified/jquery-ui.custom.min.js ↳ jquery-ui-tooltip 1.10.4 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/minified/jquery-ui.min.js ↳ jquery-ui-dialog 1.10.4 jquery-ui-dialog 1.10.4 has known vulnerabilities: severity: high; CVE: CVE-2016-7103, bug: 281, summary: XSS Vulnerability on closeText option; https://github.com/jquery/api.jqueryui.com/issues/281 https://nvd.nist.gov/vuln/detail/CVE-2016-7103 https://snyk.io/vuln/npm:jquery-ui:20160721 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/minified/jquery-ui.min.js ↳ jquery-ui-autocomplete 1.10.4 /home/dellwing/git/matomo/libs/bower_components/jquery-ui/ui/minified/jquery-ui.min.js ↳ jquery-ui-tooltip 1.10.4 /home/dellwing/git/matomo/libs/bower_components/mousetrap/tests/libs/jquery-1.7.2.min.js ↳ jquery 1.7.2.min jquery 1.7.2.min has known vulnerabilities: severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/