Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.7.0-beta1

Scan ID: SCAN-DRUPAL-CORE-5EIMxK • Hash: 752d25a1

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.14s

Vulnerability Details

L1326

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:1326
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = "<a href='' disabled='disabled'></a>" +
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L97

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:97
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return d}}:function(d){return this.$.innerHTML=d},setText:function(){var d=document.createElement("p");d.innerHTML="x";d=d.textContent;return function(g){this.$[d?"textContent":"innerText"]=g}}(),getAttribute:function(){var d=function(d){return this.$.getAttribute(d,2)};return CKEDITOR.env.ie&&(CKEDITOR.env.ie7Compat||CKEDITOR.env.quirks)?function(d){switch(d){case "class":d="className";break;case "http-equiv":d="httpEquiv";break;case "name":return this.$.name;case "tabindex":return d=this.$.getAttribute(d,
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2749

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:2749
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = "<a href='#'></a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L9761

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:9761
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- body.innerHTML = "<form></form><form></form>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L783

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:783
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- shy:"­",gt:"\x3e",lt:"\x3c",amp:"\x26",apos:"'",quot:'"'};e=e.replace(/\b(nbsp|shy|gt|lt|amp|apos|quot)(?:,|$)/g,function(d,a){var e=c?"\x26"+a+";":l[a];h[e]=c?l[a]:"\x26"+a+";";b.push(e);return""});e=e.replace(/,$/,"");if(!c&&e){e=e.split(",");var k=document.createElement("div"),d;k.innerHTML="\x26"+e.join(";\x26")+";";d=k.innerHTML;k=null;for(k=0;k<d.length;k++){var g=d.charAt(k);h[g]="\x26"+e[k]+";";b.push(g)}}h.regex=b.join(c?"|":"");return h}CKEDITOR.plugins.add("entities",{afterInit:function(f){function c(a){return g[a]}
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output