Back to Codebase

Vulnerability Analysis Report

Joomla CMS v4.0.0-alpha6

Scan ID: SCAN-JOOMLA-CORE-4mn6lz • Hash: 22f825e4

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.098s

Vulnerability Details

L611

Dynamic Code Execution in HtmlDocument.php

CWE-94
File Location: libraries/src/Document/HtmlDocument.php:611
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return eval($str);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L205

Insecure DOM Manipulation (XSS) in sidebyside.js

CWE-79
File Location: build/media/com_associations/js/sidebyside.js:205
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-select');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L894

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:894
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = date.getLocalWeekNumber(this.params.dateType); //date.convertNumbers();
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L188

Insecure DOM Manipulation (XSS) in field-media.js

CWE-79
File Location: build/media/webcomponents/js/field-media/field-media.js:188
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L151

Insecure DOM Manipulation (XSS) in field-subform.js

CWE-79
File Location: build/media/webcomponents/js/field-subform/field-subform.js:151
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.template = tmplElement[0].innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L43

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:43
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L71

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:71
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:89
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-default">${Joomla.JText._('JTRASHED')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L46

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:46
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_EXTENSIONUPDATE_UPDATEFOUND').replace('%s', `<span class="badge badge-light">${updateInfoList.length}</span>`);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L74

Insecure DOM Manipulation (XSS) in stats-message.es6.js

CWE-79
File Location: build/media_src/plg_system_stats/js/stats-message.es6.js:74
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- messageContainer.innerHTML = json.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L71

Insecure DOM Manipulation (XSS) in html5.js

CWE-79
File Location: build/media/legacy/js/html5.js:71
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- p.innerHTML = 'x<style>' + cssText + '</style>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L94

Insecure DOM Manipulation (XSS) in field-user.js

CWE-79
File Location: build/media/webcomponents/js/field-user/field-user.js:94
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L110

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:110
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = json.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L78

Insecure DOM Manipulation (XSS) in admin-item-edit_modules.es6.js

CWE-79
File Location: build/media_src/com_menus/js/admin-item-edit_modules.es6.js:78
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- body.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L53

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:53
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L56

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:56
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L76

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:76
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L29

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:29
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_EXTENSIONUPDATE_UPTODATE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L29

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:29
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_UPTODATE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L72

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:72
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L63

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:63
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L49

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:49
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[key].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L612

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:612
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = cs ? "<div unselectable='on'" + classes + ">" + text + "</div>" : text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L114

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:114
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L221

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:221
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_override').value = document.getElementById(`override_string${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L61

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:61
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L51

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:51
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_UPDATEFOUND').replace('%s', `<span class="badge badge-light"> \u200E ${updateInfo.version}</span>`);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L122

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_src/system/js/fields/validate.es6.js:122
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L400

Insecure DOM Manipulation (XSS) in searchtools.es6.js

CWE-79
File Location: build/media_src/system/js/searchtools.es6.js:400
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.orderFieldName.innerHTML += $option;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L15

Insecure DOM Manipulation (XSS) in showon.es6.js

CWE-79
File Location: build/media_src/system/js/showon.es6.js:15
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('container-collapse').innerHTML = `<div class="collapse fade" id="collapse-${name}"><iframe class="iframe" src="${url}" height="${height}" width="100%"></iframe></div>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:24
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[ref].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L351

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:351
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if (el.navtype === 50) { el._current = el.innerHTML; }
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L992

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:992
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.title.getElementsByTagName('span')[0].innerHTML = this.params.debug ? year + ' ' + Date.convertNumbers(year.toString()) : Date.convertNumbers(year.toString());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L995

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:995
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = !this.params.monthBefore ? JoomlaCalLocale.months[month] + ' - ' + tmpYear : tmpYear + ' - ' + JoomlaCalLocale.months[month] ;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:89
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_COMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L97

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:97
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L112

Insecure DOM Manipulation (XSS) in field-permissions.js

CWE-79
File Location: build/media/webcomponents/js/field-permissions/field-permissions.js:112
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- badgeSpan.innerHTML = response.data.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L209

Insecure DOM Manipulation (XSS) in field-simple-color.js

CWE-79
File Location: build/media/webcomponents/js/field-simple-color/field-simple-color.js:209
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = `<span class="sr-only">${a11yColor}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L178

Insecure DOM Manipulation (XSS) in field-subform.js

CWE-79
File Location: build/media/webcomponents/js/field-subform/field-subform.js:178
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpEl.innerHTML = this.template;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in field-user.js

CWE-79
File Location: build/media/webcomponents/js/field-user/field-user.js:89
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in associations-edit.es6.js

CWE-79
File Location: build/media_src/com_associations/js/associations-edit.es6.js:33
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- html.innerHTML = Joomla.JText._('JGLOBAL_ASSOC_NOT_POSSIBLE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L30

Insecure DOM Manipulation (XSS) in admin-articles-workflow-buttons.es6.js

CWE-79
File Location: build/media_src/com_content/js/admin-articles-workflow-buttons.es6.js:30
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modalcontent.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L47

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:47
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L63

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:63
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_EXTENSIONUPDATE_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L695

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:695
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = " ";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L82

Insecure DOM Manipulation (XSS) in field-module-order.js

CWE-79
File Location: build/media/webcomponents/js/field-module-order/field-module-order.js:82
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L240

Insecure DOM Manipulation (XSS) in field-simple-color.js

CWE-79
File Location: build/media/webcomponents/js/field-simple-color/field-simple-color.js:240
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.icon.innerHTML = '<span class="sr-only">' + this.textSelect + '</span>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in hidden-mail.js

CWE-79
File Location: build/media/webcomponents/js/hidden-mail/hidden-mail.js:33
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- newEl.innerHTML = innerStr;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L112

Insecure DOM Manipulation (XSS) in admin-articles-workflow-buttons.es6.js

CWE-79
File Location: build/media_src/com_content/js/admin-articles-workflow-buttons.es6.js:112
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modalcontent.innerHTML = html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L66

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_src/com_media/js/edit-images.es6.js:66
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in admin-template-compare.es6.js

CWE-79
File Location: build/media_src/com_templates/js/admin-template-compare.es6.js:33
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = JsDiff.diffLines(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L85

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:85
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- jedContainer.innerHTML = response.data.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L53

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:53
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_ERROR_ENABLE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L610

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:610
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "<a " + classes + " style='display:inline;padding:2px 6px;cursor:pointer;text-decoration:none;' unselectable='on'>" + text + "</a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L991

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:991
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = this.params.debug ? month + ' ' + JoomlaCalLocale.months[month] : JoomlaCalLocale.months[month];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L93

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:93
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L105

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:105
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L147

Insecure DOM Manipulation (XSS) in field-switcher.js

CWE-79
File Location: build/media/webcomponents/js/field-switcher/field-switcher.js:147
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- labelSecond.innerHTML = `${this.onText}`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L189

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:189
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- string.innerHTML = item.string;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_src/com_media/js/edit-images.es6.js:39
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- baseContainer.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L307

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:307
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- uploadUrlContainer.innerHTML = installUrl;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L124

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_src/system/js/fields/validate.es6.js:124
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_INVALID_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L30

Insecure DOM Manipulation (XSS) in Notifications.js

CWE-79
File Location: administrator/components/com_media/resources/scripts/app/Notifications.js:30
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- alert.innerHTML = Joomla.JText._(message, message) || '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L36

Insecure DOM Manipulation (XSS) in html5.js

CWE-79
File Location: build/media/legacy/js/html5.js:36
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- a.innerHTML = '<xyz></xyz>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L766

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:766
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L218

Insecure DOM Manipulation (XSS) in field-simple-color.js

CWE-79
File Location: build/media/webcomponents/js/field-simple-color/field-simple-color.js:218
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- close.innerHTML = this.textClose;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L13

Insecure DOM Manipulation (XSS) in admin-compare-compare.es6.js

CWE-79
File Location: build/media_src/com_contenthistory/js/admin-compare-compare.es6.js:13
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = window.JsDiff.diffWords(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L152

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:152
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L184

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:184
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- key.innerHTML = item.constant;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L187

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:187
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- errorContainer.innerHTML = request.responseText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:39
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_OVERRIDEFOUND').replace('%s', `<span class="badge badge-light">${updateInfoList.length}</span>`);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L482

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_src/system/js/core.es6.js:482
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- titleWrapper.innerHTML = Joomla.JText._(type) ? Joomla.JText._(type) : type;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L186

Insecure DOM Manipulation (XSS) in field-media.js

CWE-79
File Location: build/media/webcomponents/js/field-media/field-media.js:186
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '<span class="field-media-preview-icon fa fa-picture-o"></span>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L124

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:124
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = error;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L220

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:220
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_key').value = document.getElementById(`override_key${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L68

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:68
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L120

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_src/system/js/fields/validate.es6.js:120
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_CHECK');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L211

Insecure DOM Manipulation (XSS) in sidebyside.js

CWE-79
File Location: build/media/com_associations/js/sidebyside.js:211
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-change');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L32

Insecure DOM Manipulation (XSS) in helpsite.js

CWE-79
File Location: build/media/legacy/js/helpsite.js:32
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(select_id).innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L668

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:668
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.shortDays[(i + fdow) % 7];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L42

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:42
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L92

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:92
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(`finder-${context[0].replace(/\s+/g, '-').toLowerCase()}`).innerHTML = `${json.pluginState[context[0]].offset} of ${json.pluginState[context[0]].total}`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L199

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:199
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- noresult.innerHTML = Joomla.JText._('COM_LANGUAGES_VIEW_OVERRIDE_NO_RESULTS');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L257

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_src/com_media/js/edit-images.es6.js:257
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L56

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:56
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_UPTODATE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L64

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:64
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L641

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:641
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.wk;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L927

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:927
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = this.params.debug ? iday : Date.convertNumbers(iday); // translated day number for each cell
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L101

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:101
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L46

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:46
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L489

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_src/system/js/core.es6.js:489
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- messageWrapper.innerHTML = typeMessage;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in helpsite.js

CWE-79
File Location: build/media/legacy/js/helpsite.js:39
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- node.innerHTML = item.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L917

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:917
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1492

Insecure DOM Manipulation (XSS) in jquery.ui.core.js

CWE-79
File Location: build/media/vendor/jquery-ui/js/jquery.ui.core.js:1492
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- testElement.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L72

Insecure DOM Manipulation (XSS) in field-module-order.js

CWE-79
File Location: build/media/webcomponents/js/field-module-order/field-module-order.js:72
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- node.innerHTML = item[2];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L143

Insecure DOM Manipulation (XSS) in field-switcher.js

CWE-79
File Location: build/media/webcomponents/js/field-switcher/field-switcher.js:143
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- labelFirst.innerHTML = `${this.offText}`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L81

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:81
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L85

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:85
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L95

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:95
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- window.parent.document.querySelector(`#access-${options.itemId}`).innerHTML = window.parent.viewLevels[updAccess];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L311

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:311
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- nameElement.innerHTML = name;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output