Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.7.4

Scan ID: SCAN-DRUPAL-CORE-n20ntU • Hash: 8bb88f80

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.033s

Vulnerability Details

L9761

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:9761
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- body.innerHTML = "<form></form><form></form>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L96

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:96
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.$.getBoundingClientRect());!g.width&&(g.width=g.right-g.left);!g.height&&(g.height=g.bottom-g.top);return d?CKEDITOR.tools.getAbsoluteRectPosition(this.getWindow(),g):g},setHtml:CKEDITOR.env.ie&&9>CKEDITOR.env.version?function(d){try{var g=this.$;if(this.getParent())return g.innerHTML=d;var b=this.getDocument()._getHtml5ShivFrag();b.appendChild(g);g.innerHTML=d;b.removeChild(g);return d}catch(a){this.$.innerHTML="";g=new CKEDITOR.dom.element("body",this.getDocument());g.$.innerHTML=d;for(g=g.getChildren();g.count();)this.append(g.getItem(0));
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L783

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:783
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- shy:"­",gt:"\x3e",lt:"\x3c",amp:"\x26",apos:"'",quot:'"'};e=e.replace(/\b(nbsp|shy|gt|lt|amp|apos|quot)(?:,|$)/g,function(d,a){var e=c?"\x26"+a+";":l[a];h[e]=c?l[a]:"\x26"+a+";";b.push(e);return""});e=e.replace(/,$/,"");if(!c&&e){e=e.split(",");var k=document.createElement("div"),d;k.innerHTML="\x26"+e.join(";\x26")+";";d=k.innerHTML;k=null;for(k=0;k<d.length;k++){var g=d.charAt(k);h[g]="\x26"+e[k]+";";b.push(g)}}h.regex=b.join(c?"|":"");return h}CKEDITOR.plugins.add("entities",{afterInit:function(f){function c(a){return g[a]}
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L2762

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:2762
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = "<input/>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6104

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: core/assets/vendor/jquery/jquery.js:6104
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output