diff --git a/a.tmp b/b.tmp index 1652641..f6e16b1 100644 --- a/a.tmp +++ b/b.tmp @@ -1,8 +1,10 @@ app/controllers/wmoauth_controller.rb Redirect General Possible unprotected redirect near line : redirect_to(Wmoauth.get_client.auth_code.authorize_url(:redirect_uri => ENV["REDIRECT_URI"])) High +app/controllers/wmoauth_controller.rb SSL Verification Bypass General SSL certificate verification was bypassed near line : Net::HTTP.new(URI.parse(URI.escape("https://jointhejourney.us.list-manage.com/subscribe/post?u=#{ENV["MAILCHIMP_ORG_ID"]}&id=#{ENV["MAILCHIMP_LIST_ID"]}&FNAME=#{user["first_name"]}&LNAME=#{user["last_name"]}&EMAIL=#{user["email"]}")).host, URI.parse(URI.escape("https://jointhejourney.us.list-manage.com/subscribe/post?u=#{ENV["MAILCHIMP_ORG_ID"]}&id=#{ENV["MAILCHIMP_LIST_ID"]}&FNAME=#{user["first_name"]}&LNAME=#{user["last_name"]}&EMAIL=#{user["email"]}")).port).verify_mode = OpenSSL::SSL::VERIFY_NONE High app/controllers/webhooks_controller.rb Cross Site Request Forgery Controller 'protect_from_forgery' should be called in WebhooksController near line High app/views/calendar/show.html.erb Cross Site Scripting Template Unescaped model attribute near line : Calendar.format_calendar_data(Entry.find_by_date((params[:id] + "--"), (params[:id] + "--"), )).to_s Medium app/views/sections/_central_truth.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["central_truth"]["journey_central_truth"] High +app/views/sections/_discussion_questions.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["discussion_questions"]["journey_discussion_questions"] High app/views/sections/_introduction.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["introduction"]["journey_introduction"] High app/views/sections/_introduction.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["introduction"]["journey_introduction"] High app/views/sections/_introduction.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["introduction"]["journey_introduction"] High @@ -10,4 +12,3 @@ app/views/sections/_key_verse.html.erb Cross Site Scripting Template Unescaped app/views/sections/_scripture_memory.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["scripture_memory"]["journey_scripture_memory_html"] High app/views/sections/_tweetable_truth.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["tweetable_truth"]["journey_tweetable_truth"] High app/views/sections/_writer.html.erb Cross Site Scripting Template Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["writer"]["journey_writer_bio"] High -app/views/sections/comments/_group_comments.html.erb Cross Site Scripting Template Unescaped model attribute near line : { post["post_number"] => ({ :raw => post["cooked"], :name => post["name"], :reply_count => post["reply_count"], :created_at => post["created_at"], :reply_to_post_number => post["reply_to_post_number"], :post_number => post["post_number"] }) }[(Unresolved Model).new.post_no][:raw] Weak