📝 Code Report

17 vulnerabilities
0 High 17 Moderate 0 Low

portafolio

Portafolio

0 vulnerabilities
0 High 0 Moderate 0 Low

🕵️ Findings Details:

None - All clear!

CroquetaBot

0 vulnerabilities
0 High 0 Moderate 0 Low

🕵️ Findings Details:

None - All clear!

pokemon_cards

Pokemon Cards

0 vulnerabilities
0 High 0 Moderate 0 Low

🕵️ Findings Details:

None - All clear!

UmaruVerse-HTML

UmaruVerse HTML

4 vulnerabilities
0 High 4 Moderate 0 Low

🕵️ Findings Details:

javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket — Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.
File: game.js:9, Severity: Moderate
html.security.audit.missing-integrity.missing-integrity — This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify the externally hosted resource, this could lead to XSS and other types of attacks. To prevent this, include the base64-encoded cryptographic hash of the resource (file) you’re telling the browser to fetch in the 'integrity' attribute for all externally hosted files.
File: index_twitch.html:121, Severity: Moderate
html.security.audit.missing-integrity.missing-integrity — This tag is missing an 'integrity' subresource integrity attribute. The 'integrity' attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify the externally hosted resource, this could lead to XSS and other types of attacks. To prevent this, include the base64-encoded cryptographic hash of the resource (file) you’re telling the browser to fetch in the 'integrity' attribute for all externally hosted files.
File: init_twitch.html:5, Severity: Moderate
javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket — Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.
File: resources/index.js:9, Severity: Moderate

UmaruVerse-FlappyMoney

UmaruVerse FlappyMoney

2 vulnerabilities
0 High 2 Moderate 0 Low

🕵️ Findings Details:

generic.secrets.security.detected-jwt-token.detected-jwt-token — JWT token detected
File: 0 - General/Scripts/Global/Smtp.gd:4, Severity: Moderate
generic.secrets.security.detected-jwt-token.detected-jwt-token — JWT token detected
File: 0 - General/Scripts/Global/Smtp.gd:5, Severity: Moderate

UmaruVerse-FindPartner

UmaruVerse FindPartner

2 vulnerabilities
0 High 2 Moderate 0 Low

🕵️ Findings Details:

generic.secrets.security.detected-jwt-token.detected-jwt-token — JWT token detected
File: 0 - General/Scripts/Global/Smtp.gd:4, Severity: Moderate
generic.secrets.security.detected-jwt-token.detected-jwt-token — JWT token detected
File: 0 - General/Scripts/Global/Smtp.gd:5, Severity: Moderate

UmaruVerse-CatchManga

UmaruVerse CatchManga

2 vulnerabilities
0 High 2 Moderate 0 Low

🕵️ Findings Details:

generic.secrets.security.detected-jwt-token.detected-jwt-token — JWT token detected
File: 0 - General/Scripts/Global/Smtp.gd:4, Severity: Moderate
generic.secrets.security.detected-jwt-token.detected-jwt-token — JWT token detected
File: 0 - General/Scripts/Global/Smtp.gd:5, Severity: Moderate

elisawaves-vods

Elisawaves Vods

7 vulnerabilities
0 High 7 Moderate 0 Low

🕵️ Findings Details:

java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled — Detected an element with disabled HTML escaping. If external data can reach this, this is a cross-site scripting (XSS) vulnerability. Ensure no external data can reach here, or remove 'escape=false' from this element.
File: public/chat/0 - PENDIENTES/[11-19-24] elisawaves - 📸 CURSO DE FOTOGRAFÍA 📸 - EP 4 (FINAL): Objetivos ||✨≋ELISAWAVES≋✨ - Chat.html:65, Severity: Moderate
java.lang.security.audit.xss.jsf.autoescape-disabled.autoescape-disabled — Detected an element with disabled HTML escaping. If external data can reach this, this is a cross-site scripting (XSS) vulnerability. Ensure no external data can reach here, or remove 'escape=false' from this element.
File: public/chat/0 - PENDIENTES/[11-19-24] elisawaves - 📸 CURSO DE FOTOGRAFÍA 📸 - EP 4 (FINAL): Objetivos ||✨≋ELISAWAVES≋✨ - Chat.html:75, Severity: Moderate
javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring — Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.
File: src/lib/youtube.ts:67, Severity: Moderate
javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring — Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.
File: src/lib/youtube.ts:113, Severity: Moderate
javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring — Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.
File: src/lib/youtube.ts:139, Severity: Moderate
javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring — Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.
File: src/lib/youtube.ts:188, Severity: Moderate
javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring — Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.
File: src/lib/youtube.ts:206, Severity: Moderate