Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.0-alpha4

Scan ID: SCAN-DRUPAL-CORE-R3qO7H • Hash: f016e59c

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.794s

Vulnerability Details

L70

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:70
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- "");var b=this.$.ownerDocument.createElement("div");b.appendChild(this.$.cloneNode(true));return b.innerHTML},getClientRect:function(){var b=CKEDITOR.tools.extend({},this.$.getBoundingClientRect());!b.width&&(b.width=b.right-b.left);!b.height&&(b.height=b.bottom-b.top);return b},setHtml:function(){var b=function(b){return this.$.innerHTML=b};return CKEDITOR.env.ie&&CKEDITOR.env.version<9?function(b){try{return this.$.innerHTML=b}catch(a){this.$.innerHTML="";var c=new CKEDITOR.dom.element("body",this.getDocument());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L627

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:627
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- var b=CKEDITOR.plugins.enterkey,f=b.enterBr,i=b.enterBlock,h=/^h[1-6]$/}(),function(){function d(d,c){var a={},b=[],f={nbsp:" ",shy:"­",gt:">",lt:"<",amp:"&",apos:"'",quot:'"'},d=d.replace(/\b(nbsp|shy|gt|lt|amp|apos|quot)(?:,|$)/g,function(d,e){var g=c?"&"+e+";":f[e];a[g]=c?f[e]:"&"+e+";";b.push(g);return""});if(!c&&d){var d=d.split(","),i=document.createElement("div"),h;i.innerHTML="&"+d.join(";&")+";";h=i.innerHTML;i=null;for(i=0;i<h.length;i++){var g=h.charAt(i);a[g]="&"+d[i]+";";b.push(g)}}a.regex=
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L71

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:71
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- c.$.innerHTML=b;for(c=c.getChildren();c.count();)this.append(c.getItem(0));return b}}:b}(),setText:function(b){CKEDITOR.dom.element.prototype.setText=this.$.innerText!=void 0?function(b){return this.$.innerText=b}:function(b){return this.$.textContent=b};return this.setText(b)},getAttribute:function(){var b=function(b){return this.$.getAttribute(b,2)};return CKEDITOR.env.ie&&(CKEDITOR.env.ie7Compat||CKEDITOR.env.ie6Compat)?function(b){switch(b){case "class":b="className";break;case "http-equiv":b=
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L278

Insecure DOM Manipulation (XSS) in qunit.js

CWE-79
File Location: core/assets/vendor/jquery.ui/external/qunit.js:278
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- b.innerHTML = this.nameHtml + " <b class='counts'>(<b class='failed'>" + bad + "</b>, <b class='passed'>" + good + "</b>, " + this.assertions.length + ")</b>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L69

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:69
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- contains:CKEDITOR.env.ie||CKEDITOR.env.webkit?function(b){var f=this.$;return b.type!=CKEDITOR.NODE_ELEMENT?f.contains(b.getParent().$):f!=b.$&&f.contains(b.$)}:function(b){return!!(this.$.compareDocumentPosition(b.$)&16)},focus:function(){function b(){try{this.$.focus()}catch(b){}}return function(f){f?CKEDITOR.tools.setTimeout(b,100,this):b.call(this)}}(),getHtml:function(){var b=this.$.innerHTML;return CKEDITOR.env.ie?b.replace(/<\?[^>]*>/g,""):b},getOuterHtml:function(){if(this.$.outerHTML)return this.$.outerHTML.replace(/<\?[^>]*>/,
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output