- Nikto v2.6.0 --------------------------------------------------------------------------- + Target IP: 18.208.88.157 + Target Hostname: kadriyenurerman.com + Target Port: 80 + Platform: Unknown + Start Time: 2026-06-15 15:35:45 (GMT-4) --------------------------------------------------------------------------- + Server: Netlify + Multiple IPs found: 18.208.88.157, 98.84.224.111 + No CGI Directories found (use '-C all' to force check all possible dirs). CGI tests skipped. + [013587] /: Suggested security header missing: strict-transport-security. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + [013587] /: Suggested security header missing: referrer-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy + [013587] /: Suggested security header missing: permissions-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy + [013587] /: Suggested security header missing: content-security-policy. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP + [013587] /: Suggested security header missing: x-content-type-options. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + [000702] /themes/mambosimple.php?detection=detected&sitename=: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000703] /index.php?option=search&searchword=: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). + [000704] /emailfriend/emailnews.php?id=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000705] /emailfriend/emailfaq.php?id=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000706] /emailfriend/emailarticle.php?id=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000707] /administrator/upload.php?newbanner=1&choice=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). + [000708] /administrator/popups/sectionswindow.php?type=web&link=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000709] /administrator/gallery/view.php?path=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000710] /administrator/gallery/uploadimage.php?directory=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000711] /administrator/gallery/navigation.php?directory=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000712] /administrator/gallery/gallery.php?directory=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + [000714] /https-admserv/bin/index?/: Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks. + [000715] /clusterframe.jsp?cluster=: Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack. + [000717] /upload.php?type=\": Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). + [000718] /soinfo.php?\">: The PHP script soinfo.php is vulnerable to Cross Site Scripting. Set expose_php = Off in php.ini. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1954 + [000725] /servlet/MsgPage?action=test&msg=: NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS). + [000730] /servlets/MsgPage?action=badlogin&msg=: The NetDetector install is vulnerable to Cross Site Scripting (XSS) in its invalid login message. + [000734] /SiteServer/Knowledge/Default.asp?ctr=\">: Site Server is vulnerable to Cross Site Scripting. + [000735] /_mem_bin/formslogin.asp?\">: Site Server is vulnerable to Cross Site Scripting. + [000741] /webcalendar/week.php?eventinfo=: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). + [000776] /user.php?op=userinfo&uname=: The PHP-Nuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. + [000777] /user.php?op=confirmnewuser&module=NS-NewUser&uNikto=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=test@test.com: Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). - STATUS: Completed 1112 requests (~15% complete, ~1.2 minutes left): currently in plugin 'Nikto Tests' - STATUS: Running average: Not enough data. + Scan terminated: 20 errors and 27 items reported on the remote host + End Time: 2026-06-15 15:35:57 (GMT-4) (12 seconds) --------------------------------------------------------------------------- + 1 host(s) tested