Description
Toggle sidebar
Pentest-Tools.comPentest-Tools.com logo
Resources
Account
Workspaces
Switch workspace
My Workspace
Dashboard
Assets
2
Scans
Findings
Attack Surface
Handlers
Configurations
Reports
Robots
Team
Integrations
Settings
Scan report
Website Vulnerability Scannerreport
finished
Target
Target added due to a redirect from http://mancosynergy.com/
WordPress detected: The tool discovered that the target is using WordPress.
We recommend scanning the target with the WordPress Vulnerability Scanner as well.
Summary
Findings
Performed Tests
Scan Stats
Scan Parameters
Summary
Risk levels
Critical
0
High
0
Overall risk level
Medium
1
Low
6
Info
32
Start time
Oct 09, 2025 – 16:28
Finish time
Oct 09, 2025 – 16:29
Scan duration
1 minute 5 seconds
Tests performed
39/39
Unlock full capabilities
The Light Website Scanner didn’t check for critical issues like SQLi, XSS, Command Injection, XXE, etc. Upgrade to run Deep scans with 40+ tests and detect more vulnerabilities.
Findings
Risk level
All (39)
C
Critical (0)
H
High (0)
M
Medium (1)
L
Low (6)
I
Info (32)
Vulnerabilities found for jquery ui 1.12.1
Risk level
M
Medium
Port / Protocol
443 / tcp
CVSS v3
CVSS v3: 6.5
EPSS
EPSS: 0.22267
Confidence
Confidence: Uncertain
Read more about manually validating findings
Evidence
Sort by
CVE
in ascending order
Sort by
CVSS
in ascending order
Sort by
EPSS Score
in ascending order
Sort by
EPSS Percentile
in ascending order
Sort by
Summary
in ascending order
CVE-2021-41184 6.5 0.22087 0.95506
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
CVE-2021-41183 6.5 0.02341 0.84237
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
CVE-2021-41182 6.5 0.22267 0.95523
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
CVE-2022-31160 6.1 0.10939 0.93045
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( “refresh” )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.
Details
Unsafe security header: Content-Security-Policy
Risk level
L
Low
Port / Protocol
443 / tcp
Confidence
Confidence: Certain
Evidence
URL
Response headers include the HTTP Content-Security-Policy security header with the following security issues:
script-src: script-src directive is missing.
base-uri: Missing base-uri allows the injection of base tags. They can be used to set the base URL for all relative (script) URLs to an attacker controlled domain. We recommend setting it to ‘none’ or ‘self’.
default-src: The default-src directive should be set as a fall-back when other restrictions have not been specified.
object-src: Missing object-src allows the injection of plugins which can execute JavaScript. We recommend setting it to ‘none’.
Request / Response
> Link:
> Link:
> Link:
> Etag: “77-1759708534;;;”
> X-LiteSpeed-Cache: hit
> Transfer-Encoding: chunked
> Date: Thu, 09 Oct 2025 15:28:51 GMT
> Server: LiteSpeed
> platform: hostinger
> panel: hpanel
> Content-Security-Policy: upgrade-insecure-requests
> alt-svc: h3=”:443″; ma=2592000, h3-29=”:443″; ma=2592000, h3-Q050=”:443″; ma=2592000, h3-Q046=”:443″; ma=2592000, h3-Q043=”:443″; ma=2592000, quic=”:443″; ma=2592000; v=”43,46″
>
Details
Missing security header: X-Content-Type-Options
Risk level
L
Low
Port / Protocol
443 / tcp
Confidence
Confidence: Certain
Evidence
URL
Response headers do not include the X-Content-Type-Options HTTP security header
Request / Response
Missing X-Content Header Passive Scan Request&Response
< GET / HTTP/1.1
< Host: mancosynergy.com
< User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
<
> HTTP/1.1 200 OK
> Connection: Keep-Alive
> Keep-Alive: timeout=5, max=100
> X-Powered-By: PHP/8.2.29
> Content-Type: text/html; charset=UTF-8
> Link:
> Link:
> Link:
Details
Missing security header: Referrer-Policy
Risk level
L
Low
Port / Protocol
443 / tcp
Confidence
Confidence: Certain
Evidence
URL
Response headers do not include the Referrer-Policy HTTP security header as well as the tag with name ‘referrer’ is not present in the response.
Request / Response
Missing Referrer Header Passive Scan Request&Response
< GET / HTTP/1.1
< Host: mancosynergy.com
< User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
<
> HTTP/1.1 200 OK
> Connection: Keep-Alive
> Keep-Alive: timeout=5, max=100
> X-Powered-By: PHP/8.2.29
> Content-Type: text/html; charset=UTF-8
> Link:
> Link:
> Link:
Details
Missing security header: Strict-Transport-Security
Risk level
L
Low
Port / Protocol
443 / tcp
Confidence
Confidence: Certain
Evidence
URL
Response headers do not include the HTTP Strict-Transport-Security header
Request / Response
Missing HSTS Header Passive Scan Request&Response
< GET / HTTP/1.1
< Host: mancosynergy.com
< User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
<
> HTTP/1.1 200 OK
> Connection: Keep-Alive
> Keep-Alive: timeout=5, max=100
> X-Powered-By: PHP/8.2.29
> Content-Type: text/html; charset=UTF-8
> Link:
> Link:
> Link:
Details
Robots.txt file found
Risk level
L
Low
Port / Protocol
443 / tcp
Confidence
Confidence: Certain
Evidence
Sort by
URL
in ascending order
https://mancosynergy.com/robots.txt
Details
Server software and technology found
Risk level
L
Low
Port / Protocol
443 / tcp
Confidence
Confidence: Uncertain
Read more about manually validating findings
Evidence
Sort by
Software / Version
in ascending order
Sort by
Category
in ascending order
All in One SEO Pack 4.8.7.2 SEO, WordPress plugins
cdnjs CDN
Clipboard.js JavaScript libraries
jQuery CDN CDN
Magnific Popup 1.0.0 JavaScript libraries
Elementor 3.30.4 Page builders, WordPress plugins
Bootstrap UI frameworks
Elementor Header & Footer Builder WordPress plugins
jQuery Migrate 3.4.1 JavaScript libraries
core-js 3.39.0 JavaScript libraries
Google Font API Font scripts
GSAP 3.8.0 JavaScript frameworks
HTTP/3 Miscellaneous
imagesLoaded 5.0.0 JavaScript libraries
Isotope JavaScript libraries
jQuery 3.7.1 JavaScript libraries
jQuery UI 1.12.1 JavaScript libraries
LiteSpeed Web servers
LottieFiles 5.6.8 Miscellaneous
MySQL Databases
Open Graph Miscellaneous
PHP 8.2.29 Programming languages
Redux Framework 4.5.7 WordPress plugins
Swiper JavaScript libraries
Twitter Emoji (Twemoji) Font scripts
Priority Hints Performance
WooCommerce Ecommerce, WordPress plugins
WordPress 6.8.3 CMS, Blogs
Cloudflare CDN
Hostinger Hosting
Lodash 1.13.7 JavaScript libraries
RSS Miscellaneous
Details
HTTP OPTIONS enabled
Risk level
I
Info
Port / Protocol
443 / tcp
Confidence
Confidence: Certain
Evidence
Sort by
URL
in ascending order
Sort by
Method
in ascending order
Sort by
Summary
in ascending order
OPTIONS
We did a HTTP OPTIONS request. The server responded with a 200 status code and the header: Allow: OPTIONS,HEAD,GET,POST Request / Response
Details
Security.txt file is missing
Risk level
I
Info
Port / Protocol
443 / tcp
Confidence
Confidence: Certain
Evidence
Sort by
URL
in ascending order
Missing: https://mancosynergy.com/.well-known/security.txt
Details
API endpoints
Risk level
I
Info
Port / Protocol
443 / tcp
Confidence
Confidence: Uncertain
Read more about manually validating findings
Evidence
URL
https://mancosynergy.com/xmlrpc.php
Method
GET
Parameters
Query: rsd= Headers: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Possible API endpoint found at /xmlrpc.php
Request / Response
API endpoints Passive Scan Request&Response
< GET /xmlrpc.php?rsd= HTTP/1.1
< Host: mancosynergy.com
< User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
<
> HTTP/1.1 200 OK
> Connection: Keep-Alive
> Keep-Alive: timeout=5, max=100
> X-Powered-By: PHP/8.2.29
> Content-Type: text/xml; charset=UTF-8
> X-LiteSpeed-Cache-Control: no-cache
> Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private
> Content-Length: 808
Details
Email Address Exposure
Risk level
I
Info
Port / Protocol
443 / tcp
Confidence
Confidence: Uncertain
Read more about manually validating findings
Evidence
URL
Method
GET
Parameters
Headers: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Email Address:
info@mancosynergy.com
Request / Response
Reviews
There are no reviews yet.