Back to Codebase

Vulnerability Analysis Report

Drupal Drupal Extension vv1.0.5

Scan ID: SCAN-DRUPAL-DRUPAL-EXTENSION-XJxBel • Hash: 0ccdcb33

Severity Score
Medium
Total Findings
13
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.834s

Vulnerability Details

L1379

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:1379
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = " <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5952

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:5952
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = value;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6306

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:6306
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = elem.outerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5001

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:5001
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- form.innerHTML = "<a name='" + id + "'/>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1604

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:1604
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1616

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:1616
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<div style='width:5px;'></div>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5065

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:5065
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<a href='#'></a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1589

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:1589
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5234

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:5234
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<div class='test e'></div><div class='test'></div>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6411

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:6411
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = wrap[1] + elem + wrap[2];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1572

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:1572
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<table><tr><td style='" + paddingMarginBorder + "0;display:none'></td><td>t</td></tr></table>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1621

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:1621
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L5085

Insecure DOM Manipulation (XSS) in jquery.js

CWE-79
File Location: doc/_build/html/_static/jquery.js:5085
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = "<p class='TEST'></p>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output