![](/screenshots/35301cc5-0e20-4d44-9361-8beae49e1a3d.png)
sec-consult.com
Open in
urlscan Pro
128.204.134.20
Public Scan
Effective URL: https://sec-consult.com/vulnerability-lab/advisory/mutiple-stored-cross-site-scripting-vulnerabilities-in-openolat-frent...
Submission: On February 27 via api from IL — Scanned from IL
Summary
TLS certificate: Issued by R3 on January 18th 2024. Valid for: 3 months.
This is the only time sec-consult.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.72.49.79 52.72.49.79 | 14618 (AMAZON-AES) (AMAZON-AES) | |
17 | 128.204.134.20 128.204.134.20 | 44453 (INTERNEX-AS) (INTERNEX-AS) | |
17 | 2 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-49-79.compute-1.amazonaws.com
r.sec-consult.com |
ASN44453 (INTERNEX-AS, AT)
PTR: serv15540438.secure-node.at
sec-consult.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
sec-consult.com
1 redirects
r.sec-consult.com sec-consult.com |
197 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
17 | sec-consult.com |
sec-consult.com
|
1 | r.sec-consult.com | 1 redirects |
17 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.openolat.com |
eviden.com |
twitter.com |
www.linkedin.com |
www.xing.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sec-consult.com R3 |
2024-01-18 - 2024-04-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://sec-consult.com/vulnerability-lab/advisory/mutiple-stored-cross-site-scripting-vulnerabilities-in-openolat-frentix-gmbh/
Frame ID: EC6E992DB202F5BD8A6E4D6331358DBF
Requests: 20 HTTP requests in this frame
Screenshot
![](/screenshots/35301cc5-0e20-4d44-9361-8beae49e1a3d.png)
Page Title
Multiple Stored Cross-Site-Scripting Vulnerabilities in OpenOLAT (Frentix GmbH) - SEC ConsultPage URL History Show full URLs
-
https://r.sec-consult.com/openolat
HTTP 301
https://sec-consult.com/vulnerability-lab/advisory/mutiple-stored-cross-site-scripting-vulnerabiliti... Page URL
Detected technologies
Detected patterns
- <link[^>]+ href="/?typo3(?:conf|temp)/
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title: https://www.openolat.com/
Search URL Search Domain Scan URL
Title: https://www.openolat.com/unternehmen/
Search URL Search Domain Scan URL
Title: https://www.openolat.com/releases/
Search URL Search Domain Scan URL
Title: Eviden
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://r.sec-consult.com/openolat
HTTP 301
https://sec-consult.com/vulnerability-lab/advisory/mutiple-stored-cross-site-scripting-vulnerabilities-in-openolat-frentix-gmbh/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sec-consult.com/vulnerability-lab/advisory/mutiple-stored-cross-site-scripting-vulnerabilities-in-openolat-frentix-gmbh/ Redirect Chain
|
69 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
merged-4a031966a7771cfed6ba81a46af41c98-771ad72551faed54a4fde98e171947d8.css
sec-consult.com/typo3temp/assets/compressed/ |
101 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
manifest.js
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/JavaScript/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.js
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/JavaScript/ |
56 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/JavaScript/ |
28 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.woff2
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/Fonts/Icons/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
roboto-v20-latin-500.woff2
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/Fonts/Roboto/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
roboto-v20-latin-700.woff2
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/Fonts/Roboto/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
roboto-v20-latin-regular.woff2
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/Fonts/Roboto/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
merged-c70b944c70f659d5fcde5213c27bc7b4-26e355d8237d646846de0d4c368af8ce.js
sec-consult.com/typo3temp/assets/compressed/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
438 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
443 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
442 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
roboto-v20-latin-italic.woff2
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/Fonts/Roboto/ |
17 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
roboto-v20-latin-700italic.woff2
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/Fonts/Roboto/ |
17 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
csm_sec-consult-c-vulnerability-openolat_c9a6bd3435.webp
sec-consult.com/fileadmin/_processed_/d/4/ |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
csm_sec-consult-c-vulnerability-openolat2_d0ab2db77d.webp
sec-consult.com/fileadmin/_processed_/4/c/ |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
slider.js
sec-consult.com/typo3conf/ext/sec_consult_base/Resources/Public/JavaScript/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
csm_sec-consult-c-vulnerability-openolat_c9a6bd3435.webp
sec-consult.com/fileadmin/_processed_/d/4/ |
8 KB 7 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
csm_sec-consult-c-vulnerability-openolat2_d0ab2db77d.webp
sec-consult.com/fileadmin/_processed_/4/c/ |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| $jscomp function| $jscomp$lookupPolyfilledValue function| lsCookieConsent object| webpackChunkwww_sec_consult_com object| lazySizes object| regeneratorRuntime number| tnsId0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
r.sec-consult.com
sec-consult.com
128.204.134.20
52.72.49.79
0b8d4e9f3061c261bce898263485c40d9be65da37cb4c7e535eed5511bb665a3
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
33416f97c1ab0c33f79b597996eff202c3abb909497a0ac913b7184a435cbb68
401e6c25801ba2d59795d05a6dd973f95566b41070d3939ba9307d65860ae50e
411863a78c583fd435df384faeacd54c840b2711fd479d9484bdc57b5c713466
46405c388447913e57d7f2b52317958e77a80abd9cdf3b4ff8d36f4fae2e279a
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
5cc2e47701ee7dc9e0ba16303e170db0fcb2df2989b7763ac705893d37b4e237
80886db70c9228b5101c6fadd11d1008023c2b6440e1fc3f5a8b778ff5fec6f1
9bb43a424537457cd4df2465bd04a84bc04ad6b1c6399fb98db57f752806593f
9c16692521d3e6fcb90ec655dd3ba2795114d259a618019b6cd3105c0e1303f1
9ca71de10cd669f896633410a2200ff882716d3fcd98daa1511f4e84ca0358ef
9df3fcc8819c15dae03e5a73458de54a52b35146c69a8873f10f336356ada734
aaebc629ffc84003520196d62b7c768ee39f608309507027784933665d633c23
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
d283eeb10ef98c9c619e4b05217b9edfa3552b84a42e9f8c8e72c1580a46ded4
f1c2ba4f96545b610a79a447664ff14dff1664d3064c1da0004fddc68ceb6c40
ff0e6f5d078b32a4d418266e0aab2a68457bcba53370f07da90c8a1e83210dd5