Back to Codebase

Vulnerability Analysis Report

Drupal Core v8.0.0-alpha15

Scan ID: SCAN-DRUPAL-CORE-zzmrAJ • Hash: d1ee59e2

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.819s

Vulnerability Details

L6

Insecure DOM Manipulation (XSS) in html5.js

CWE-79
File Location: core/assets/vendor/html5shiv/html5.js:6
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- c=d.insertBefore(c.lastChild,d.firstChild);b.hasCSS=!!c}g||t(a,b);return a}var k=l.html5||{},s=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,r=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i,j,o="_html5shiv",h=0,n={},g;(function(){try{var a=f.createElement("a");a.innerHTML="<xyz></xyz>";j="hidden"in a;var b;if(!(b=1==a.childNodes.length)){f.createElement("a");var c=f.createDocumentFragment();b="undefined"==typeof c.cloneNode||
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L91

Insecure DOM Manipulation (XSS) in jquery.metadata.js

CWE-79
File Location: core/assets/vendor/jquery.ui/external/jquery.metadata.js:91
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- data = $.trim(e[0].innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L818

Insecure DOM Manipulation (XSS) in qunit.js

CWE-79
File Location: core/assets/vendor/jquery.ui/external/qunit.js:818
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tests.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L73

Insecure DOM Manipulation (XSS) in ckeditor.js

CWE-79
File Location: core/assets/vendor/ckeditor/ckeditor.js:73
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- b},setText:function(){var b=document.createElement("p");b.innerHTML="x";b=b.textContent;return function(a){this.$[b?"textContent":"innerText"]=a}}(),getAttribute:function(){var b=function(b){return this.$.getAttribute(b,2)};return CKEDITOR.env.ie&&(CKEDITOR.env.ie7Compat||CKEDITOR.env.quirks)?function(b){switch(b){case "class":b="className";break;case "http-equiv":b="httpEquiv";break;case "name":return this.$.name;case "tabindex":b=this.$.getAttribute(b,2);b!==0&&this.$.tabIndex===0&&(b=null);return b;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L251

Insecure DOM Manipulation (XSS) in qunit.js

CWE-79
File Location: core/assets/vendor/jquery.ui/external/qunit.js:251
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- li.innerHTML = assertion.message || ( assertion.result ? "okay" : "failed" );
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output