Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.0-alpha8

Scan ID: SCAN-DRUPAL-CORE-f2zaV0 • Hash: 4e0d67e5

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.927s

Vulnerability Details

L70

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:70
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- "");var b=this.$.ownerDocument.createElement("div");b.appendChild(this.$.cloneNode(true));return b.innerHTML},getClientRect:function(){var b=CKEDITOR.tools.extend({},this.$.getBoundingClientRect());!b.width&&(b.width=b.right-b.left);!b.height&&(b.height=b.bottom-b.top);return b},setHtml:function(){var b=function(b){return this.$.innerHTML=b};return CKEDITOR.env.ie&&CKEDITOR.env.version<9?function(b){try{return this.$.innerHTML=b}catch(a){this.$.innerHTML="";var c=new CKEDITOR.dom.element("body",this.getDocument());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L632

Insecure DOM Manipulation (XSS) in jquery.form.js

CWE-79
File Location: core/assets/vendor/jquery-form/jquery.form.js:632
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- xhr.responseText = docRoot ? docRoot.innerHTML : null;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L278

Insecure DOM Manipulation (XSS) in qunit.js

CWE-79
File Location: core/assets/vendor/jquery.ui/external/qunit.js:278
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- b.innerHTML = this.nameHtml + " <b class='counts'>(<b class='failed'>" + bad + "</b>, <b class='passed'>" + good + "</b>, " + this.assertions.length + ")</b>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L459

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:459
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- d+";\\'></body></html>";e.push('<iframe hidefocus="true" frameborder="0" id="cke_dialog_background_iframe" src="javascript:');e.push("void((function(){"+encodeURIComponent("document.open();("+CKEDITOR.tools.fixDomain+")();document.write( '"+d+"' );document.close();")+"})())");e.push('" style="position:absolute;left:0;top:0;width:100%;height: 100%;filter: progid:DXImageTransform.Microsoft.Alpha(opacity=0)"></iframe>')}e.push("</div>");g=CKEDITOR.dom.element.createFromHtml(e.join(""));g.setOpacity(f!=
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L105

Insecure DOM Manipulation (XSS) in qunit.js

CWE-79
File Location: core/assets/vendor/jquery.ui/external/qunit.js:105
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- a.innerHTML = "Rerun";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output