Back to Free Tools

Joomla Stack Check

pumptrackbaslac.ch

C
pumptrackbaslac.ch
Check Complete

Results Summary

31 findings detected across pumptrackbaslac.ch.

1 component identified. WordPress detected: No.

Severity Breakdown

Total findings detected across all components. The public summary below groups findings by vulnerability type. To see every affected component in full detail, run a free scan on your own domain at vulnify.app/tools.

High3
Medium12
Low5
Info11

Findings Overview

31 unique issues shown below, grouped from 31 total findings. When a vulnerability affects multiple components, it is listed once with the affected component count.

  • high Multiple high-value Joomla public surfaces responded during validation

    Observed 4 high-value Joomla surfaces responding across API, administrator, installation, and manifest endpoints. That creates a much richer reconnaissance picture than a homepage-only scan would show.

  • high Content-Security-Policy header missing

    No CSP header detected. XSS impact surface is larger.

  • high Cookie missing Secure flag

    [REDACTED]: [REDACTED]=[REDACTED]; path=/; HttpOnly

  • medium Joomla footprint signals are weak or missing

    Joomla signal count: 0 | core version clue: 5.4.6. Confirm the target is a live Joomla frontend URL.

  • medium Joomla administrator manifest responded publicly

    Observed /administrator/manifests/files/joomla.xml with status 200 | version 5.4.6.

  • medium Potential Joomla configuration or deployment artifact exposure detected

    /README.txt -> 200 (Joomla readme-style artifact is publicly readable)

  • medium Content-Security-Policy (CSP): missing

    Prevents XSS and data injection attacks

  • medium X-Frame-Options: missing

    Prevents clickjacking attacks

  • medium X-XSS-Protection: missing

    Legacy XSS protection (modern browsers use CSP)

  • medium Referrer-Policy: missing

    Controls how much referrer information is shared

  • medium Permissions-Policy: missing

    Controls browser features and APIs

  • medium [REDACTED]: missing

    Restricts Adobe Flash and PDF policies

  • medium Cookie missing SameSite attribute

    [REDACTED]: [REDACTED]=[REDACTED]; path=/; HttpOnly

  • medium Different start URLs resolve to different final destinations

    https://pumptrackbaslac.ch/ | http://pumptrackbaslac.ch/ | https://www.pumptrackbaslac.ch/

  • medium Disclosure headers or generator metadata expose stack details

    Server: Apache

  • low Joomla extension and template footprint detected

    Detected 1 Joomla core, component, module, plugin, or template signal(s) from public assets and sampled routes.

  • low Version-confirmed Joomla component evidence was collected

    Confirmed version clues for 1 Joomla component signal(s) from public assets, generator hints, or manifest data. This is stronger than component-only visibility because it helps drive patch decisions immediately.

  • low Joomla core version clue was exposed publicly

    Observed Joomla version evidence: 5.4.6. Public core-version clues can accelerate exploit-path selection for attackers tracking Joomla advisories.

  • low Public Joomla API surface responded during validation

    Observed /api/index.php/v1 responding with status 403. Review whether this public API exposure is intentional and aligned with your access design.

  • low Joomla administrator entry point is publicly reachable

    Observed /administrator/ responding with status 403. Public reachability is common, but high-value admin paths should still be protected by stronger controls and monitoring.

11 findings are grouped in this public summary

This public page groups findings by vulnerability type to avoid exposing sensitive configuration details about pumptrackbaslac.ch. To see the full breakdown including every affected component, version number, and remediation step, run a free scan on your own domain using Vulnify.

Run a Free Scan on pumptrackbaslac.ch

What the Joomla Stack Check Covers

This security profile for pumptrackbaslac.ch was generated by Vulnify. The check analyzes:

  • Joomla core version and vulnerability lookup
  • Extension inventory and security assessment
  • Template and component identification
  • Security headers and configuration checks
  • Exposed configuration and sensitive file checks

Prioritized Actions

  • highRemove exposed Joomla config or deployment artifacts
  • highAdd Content-Security-Policy (CSP) header
  • highAdd baseline CSP
  • highHarden cookies
  • mediumValidate Joomla target surface
  • mediumReduce public Joomla core-version disclosure
  • mediumReview public access to Joomla manifest artifacts
  • mediumReview Joomla API exposure and access design
  • mediumAdd X-Frame-Options header
  • mediumAdd Referrer-Policy header
  • mediumAdd Permissions-Policy header
  • mediumUse hardened cookie prefixes where possible
  • mediumStandardize canonical redirect destination
  • mediumReduce disclosure headers
  • lowImprove Strict-Transport-Security (HSTS) configuration

Run a Full Security Scan on pumptrackbaslac.ch

Check for XSS, SQL injection, CSRF, broken authentication, and 50+ additional security tests with a complete vulnerability assessment.

About This Check

This report was generated using Vulnify's free security tools. Results reflect the configuration at the time of the check. For ongoing monitoring, detailed remediation guidance, and vulnerability scanning across 50+ security tests, create a free Vulnify account.

Last checked:

Cite this report

Vulnify Security Scanner. (n.d.). Security Scan Report. Vulnify. https://vulnify.app/joomla-stack-check/pumptrackbaslac.ch

https://vulnify.app/joomla-stack-check/pumptrackbaslac.ch

Report generated by Vulnify. Run your own scan. Export PDF

Report abuse

If this page contains sensitive data, copyright issues, or should not be public, report it.