Back to Codebase

Vulnerability Analysis Report

Drupal Core v9.2.3

Scan ID: SCAN-DRUPAL-CORE-cUMcJl • Hash: 602d1305

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.532s

Vulnerability Details

L4931

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:4931
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<textarea>x</textarea>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L10301

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:10301
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- body.innerHTML = "<form></form><form></form>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L97

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:97
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- c=new CKEDITOR.dom.element("body",this.getDocument());c.$.innerHTML=a;for(c=c.getChildren();c.count();)this.append(c.getItem(0));return a}}:function(a){return this.$.innerHTML=a},setText:function(){var a=document.createElement("p");a.innerHTML="x";a=a.textContent;return function(c){this.$[a?"textContent":"innerText"]=c}}(),getAttribute:function(){var a=function(c){return this.$.getAttribute(c,2)};return CKEDITOR.env.ie&&(CKEDITOR.env.ie7Compat||CKEDITOR.env.quirks)?function(c){switch(c){case "class":c=
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2936

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:2936
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = "<a href='#'></a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2949

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:2949
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = "<input/>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output