jashkenas / backbone

Give your JS App some Backbone with Models, Views, Collections, and Events
http://backbonejs.org
MIT License

Magento Security Scan #4170

Closed neilbradley closed 6 years ago

neilbradley commented 6 years ago

Hi there, I ran a Magento Security scan on our website. The scanner is only available if you have a magento.com account at https://account.magento.com/scanner. The scan reported the following:

Your site is compromised with injected JavaScript The malicious code signature(s) has been found in resources: /js/mirasvit/core/backbone.js

We are using a Magento module by a company called Mirasvit (https://mirasvit.com) that uses backbone js. I reported the issue to them and they said:

We are using official version of backbone (0.9.2). Original version: https://raw.githubusercontent.com/jashkenas/backbone/0.9.2/backbone-min.js

I have checked the file on my site and it exactly matches the above, so I know the file hasn't been modified either by the developer or by someone gaining access to the server, so I thought I should make you aware, and I am also seeking some support on what this means.

Thank you.

jashkenas commented 6 years ago

I'm afraid I don't know what that means — you'll have to get a more specific error from your scanner. Ideally with the line number / snippet of code that's triggering the error. Otherwise, there's not much we can do to help you.