Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.6.0-beta2

Scan ID: SCAN-DRUPAL-CORE-UaMK6f • Hash: 39027dfa

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.046s

Vulnerability Details

L94

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:94
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ""):b},getOuterHtml:function(){if(this.$.outerHTML)return this.$.outerHTML.replace(/<\?[^>]*>/,"");var b=this.$.ownerDocument.createElement("div");b.appendChild(this.$.cloneNode(!0));return b.innerHTML},getClientRect:function(b){var g=CKEDITOR.tools.extend({},this.$.getBoundingClientRect());!g.width&&(g.width=g.right-g.left);!g.height&&(g.height=g.bottom-g.top);return b?CKEDITOR.tools.getAbsoluteRectPosition(this.getWindow(),g):g},setHtml:CKEDITOR.env.ie&&9>CKEDITOR.env.version?function(b){try{var g=
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1287

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:1287
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- docElem.appendChild( el ).innerHTML = "<a id='" + expando + "'></a>" +
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L556

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:556
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- CKEDITOR.tools.fixDomain+")();document.write( '"+d+"' );document.close();")+"})())"),e.push('" style\x3d"position:absolute;left:0;top:0;width:100%;height: 100%;filter: progid:DXImageTransform.Microsoft.Alpha(opacity\x3d0)"\x3e\x3c/iframe\x3e')),e.push("\x3c/div\x3e"),f=CKEDITOR.dom.element.createFromHtml(e.join("")),f.setOpacity(void 0!==g?g:.5),f.on("keydown",n),f.on("keypress",n),f.on("keyup",n),f.appendTo(CKEDITOR.document.getBody()),B[c]=f);a.focusManager.add(f);y=f;a=function(){var a=b.getViewPaneSize();
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6104

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:6104
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L4877

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:4877
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<textarea>x</textarea>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output