app/controllers/wmoauth_controller.rb | Redirect | General | Possible unprotected redirect near line : redirect_to(Wmoauth.get_client.auth_code.authorize_url(:redirect_uri => ENV["REDIRECT_URI"])) | High
app/controllers/wmoauth_controller.rb | SSL Verification Bypass | General | SSL certificate verification was bypassed near line : Net::HTTP.new(URI.parse(URI.escape("https://jointhejourney.us.list-manage.com/subscribe/post?u=#{ENV["MAILCHIMP_ORG_ID"]}&id=#{ENV["MAILCHIMP_LIST_ID"]}&FNAME=#{user["first_name"]}&LNAME=#{user["last_name"]}&EMAIL=#{user["email"]}")).host, URI.parse(URI.escape("https://jointhejourney.us.list-manage.com/subscribe/post?u=#{ENV["MAILCHIMP_ORG_ID"]}&id=#{ENV["MAILCHIMP_LIST_ID"]}&FNAME=#{user["first_name"]}&LNAME=#{user["last_name"]}&EMAIL=#{user["email"]}")).port).verify_mode = OpenSSL::SSL::VERIFY_NONE | High
app/controllers/webhooks_controller.rb | Cross Site Request Forgery | Controller | 'protect_from_forgery' should be called in WebhooksController near line | High
app/views/calendar/show.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Calendar.format_calendar_data(Entry.find_by_date((params[:id] + "--"), (params[:id] + "--"), )).to_s | Medium
app/views/sections/_central_truth.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["central_truth"]["journey_central_truth"] | High
app/views/sections/_discussion_questions.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["discussion_questions"]["journey_discussion_questions"] | High
app/views/sections/_introduction.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["introduction"]["journey_introduction"] | High
app/views/sections/_introduction.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["introduction"]["journey_introduction"] | High
app/views/sections/_introduction.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["introduction"]["journey_introduction"] | High
app/views/sections/_key_verse.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["key_verse"]["journey_key_verse_html"] | High
app/views/sections/_scripture_memory.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["scripture_memory"]["journey_scripture_memory_html"] | High
app/views/sections/_tweetable_truth.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["tweetable_truth"]["journey_tweetable_truth"] | High
app/views/sections/_writer.html.erb | Cross Site Scripting | Template | Unescaped model attribute near line : Entry.find(params[:id], params[:preview_code])["writer"]["journey_writer_bio"] | High