Back to Codebase

Vulnerability Analysis Report

Joomla CMS v4.0.0-alpha5

Scan ID: SCAN-JOOMLA-CORE-6WS7XG • Hash: 2a962e14

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.001s

Vulnerability Details

L611

Dynamic Code Execution in HtmlDocument.php

CWE-94
File Location: libraries/src/Document/HtmlDocument.php:611
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return eval($str);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L205

Insecure DOM Manipulation (XSS) in sidebyside.js

CWE-79
File Location: build/media/com_associations/js/sidebyside.js:205
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-select');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L992

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:992
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.title.getElementsByTagName('span')[0].innerHTML = this.params.debug ? year + ' ' + Date.convertNumbers(year.toString()) : Date.convertNumbers(year.toString());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L218

Insecure DOM Manipulation (XSS) in field-simple-color.js

CWE-79
File Location: build/media/webcomponents/js/field-simple-color/field-simple-color.js:218
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- close.innerHTML = this.textClose;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L240

Insecure DOM Manipulation (XSS) in field-simple-color.js

CWE-79
File Location: build/media/webcomponents/js/field-simple-color/field-simple-color.js:240
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.icon.innerHTML = '<span class="sr-only">' + this.textSelect + '</span>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L78

Insecure DOM Manipulation (XSS) in admin-item-edit_modules.es6.js

CWE-79
File Location: build/media_src/com_menus/js/admin-item-edit_modules.es6.js:78
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- body.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L85

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:85
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L47

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:47
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_EXTENSIONUPDATE_UPDATEFOUND').replace('%s', `<span class="badge badge-light">${updateInfoList.length}</span>`);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L64

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:64
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in helpsite.js

CWE-79
File Location: build/media/legacy/js/helpsite.js:39
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- node.innerHTML = item.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L610

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:610
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "<a " + classes + " style='display:inline;padding:2px 6px;cursor:pointer;text-decoration:none;' unselectable='on'>" + text + "</a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L917

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:917
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L82

Insecure DOM Manipulation (XSS) in field-module-order.js

CWE-79
File Location: build/media/webcomponents/js/field-module-order/field-module-order.js:82
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L143

Insecure DOM Manipulation (XSS) in field-switcher.js

CWE-79
File Location: build/media/webcomponents/js/field-switcher/field-switcher.js:143
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- labelFirst.innerHTML = `${this.offText}`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in hidden-mail.js

CWE-79
File Location: build/media/webcomponents/js/hidden-mail/hidden-mail.js:33
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- newEl.innerHTML = innerStr;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L81

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:81
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L327

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:327
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- uploadUrlContainer.innerHTML = installUrl;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L72

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:72
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L46

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:46
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L63

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:63
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L122

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_src/system/js/fields/validate.es6.js:122
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L30

Insecure DOM Manipulation (XSS) in Notifications.js

CWE-79
File Location: administrator/components/com_media/resources/scripts/app/Notifications.js:30
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- alert.innerHTML = Joomla.JText._(message, message) || '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L71

Insecure DOM Manipulation (XSS) in html5.js

CWE-79
File Location: build/media/legacy/js/html5.js:71
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- p.innerHTML = 'x<style>' + cssText + '</style>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L894

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:894
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = date.getLocalWeekNumber(this.params.dateType); //date.convertNumbers();
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L97

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:97
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L147

Insecure DOM Manipulation (XSS) in field-switcher.js

CWE-79
File Location: build/media/webcomponents/js/field-switcher/field-switcher.js:147
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- labelSecond.innerHTML = `${this.onText}`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L111

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:111
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = error;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L47

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:47
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L68

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:68
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L95

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:95
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- window.parent.document.querySelector(`#access-${options.itemId}`).innerHTML = window.parent.viewLevels[updAccess];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L64

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:64
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_EXTENSIONUPDATE_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L53

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:53
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_ERROR_ENABLE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L483

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_src/system/js/core.es6.js:483
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- messageWrapper.innerHTML = typeMessage;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L641

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:641
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.wk;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L668

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:668
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.shortDays[(i + fdow) % 7];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in associations-edit.es6.js

CWE-79
File Location: build/media_src/com_associations/js/associations-edit.es6.js:33
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- html.innerHTML = Joomla.JText._('JGLOBAL_ASSOC_NOT_POSSIBLE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L97

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:97
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = json.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L189

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:189
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- string.innerHTML = item.string;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L61

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:61
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in admin-template-compare.es6.js

CWE-79
File Location: build/media_src/com_templates/js/admin-template-compare.es6.js:33
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = JsDiff.diffLines(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L29

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:29
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_EXTENSIONUPDATE_UPTODATE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L54

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:54
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_EXTENSIONUPDATE_ERROR');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L120

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_src/system/js/fields/validate.es6.js:120
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_CHECK');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L991

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:991
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = this.params.debug ? month + ' ' + JoomlaCalLocale.months[month] : JoomlaCalLocale.months[month];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L105

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:105
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L13

Insecure DOM Manipulation (XSS) in admin-compare-compare.es6.js

CWE-79
File Location: build/media_src/com_contenthistory/js/admin-compare-compare.es6.js:13
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = window.JsDiff.diffWords(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L71

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:71
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L32

Insecure DOM Manipulation (XSS) in helpsite.js

CWE-79
File Location: build/media/legacy/js/helpsite.js:32
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(select_id).innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L695

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:695
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = " ";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L186

Insecure DOM Manipulation (XSS) in field-media.js

CWE-79
File Location: build/media/webcomponents/js/field-media/field-media.js:186
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '<span class="field-media-preview-icon fa fa-picture-o"></span>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L151

Insecure DOM Manipulation (XSS) in field-subform.js

CWE-79
File Location: build/media/webcomponents/js/field-subform/field-subform.js:151
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.template = tmplElement[0].innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L94

Insecure DOM Manipulation (XSS) in field-user.js

CWE-79
File Location: build/media/webcomponents/js/field-user/field-user.js:94
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L42

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:42
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L139

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_src/com_finder/js/indexer.es6.js:139
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L56

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:56
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L76

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:76
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L215

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:215
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- errorContainer.innerHTML = request.responseText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L56

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:56
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_UPTODATE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L612

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:612
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = cs ? "<div unselectable='on'" + classes + ">" + text + "</div>" : text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L93

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:93
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L101

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:101
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1492

Insecure DOM Manipulation (XSS) in jquery.ui.core.js

CWE-79
File Location: build/media/vendor/jquery-ui/js/jquery.ui.core.js:1492
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- testElement.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L331

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:331
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- nameElement.innerHTML = name;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L211

Insecure DOM Manipulation (XSS) in sidebyside.js

CWE-79
File Location: build/media/com_associations/js/sidebyside.js:211
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-change');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L351

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:351
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if (el.navtype === 50) { el._current = el.innerHTML; }
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L927

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:927
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = this.params.debug ? iday : Date.convertNumbers(iday); // translated day number for each cell
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L188

Insecure DOM Manipulation (XSS) in field-media.js

CWE-79
File Location: build/media/webcomponents/js/field-media/field-media.js:188
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L257

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_src/com_media/js/edit-images.es6.js:257
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L43

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:43
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L53

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:53
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_src/com_modules/js/admin-module-edit.es6.js:89
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-default">${Joomla.JText._('JTRASHED')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L29

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:29
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_UPTODATE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L31

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:31
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_UPTODATE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_overridecheck/js/overridecheck.es6.js:39
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- linkSpan[i].innerHTML = Joomla.JText._('PLG_QUICKICON_OVERRIDECHECK_OVERRIDEFOUND').replace('%s', `<span class="badge badge-light">${updateInfoList.length}</span>`);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L74

Insecure DOM Manipulation (XSS) in stats-message.es6.js

CWE-79
File Location: build/media_src/plg_system_stats/js/stats-message.es6.js:74
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- messageContainer.innerHTML = json.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L465

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_src/system/js/core.es6.js:465
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- buttonWrapper.innerHTML = '×';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L124

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_src/system/js/fields/validate.es6.js:124
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_INVALID_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L23

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:23
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[ref].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L48

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:48
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[key].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L995

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:995
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = !this.params.monthBefore ? JoomlaCalLocale.months[month] + ' - ' + tmpYear : tmpYear + ' - ' + JoomlaCalLocale.months[month] ;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:89
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_COMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L114

Insecure DOM Manipulation (XSS) in passwordstrength.js

CWE-79
File Location: build/media/system/js/fields/passwordstrength.js:114
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L209

Insecure DOM Manipulation (XSS) in field-simple-color.js

CWE-79
File Location: build/media/webcomponents/js/field-simple-color/field-simple-color.js:209
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = `<span class="sr-only">${a11yColor}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L178

Insecure DOM Manipulation (XSS) in field-subform.js

CWE-79
File Location: build/media/webcomponents/js/field-subform/field-subform.js:178
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpEl.innerHTML = this.template;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in field-user.js

CWE-79
File Location: build/media/webcomponents/js/field-user/field-user.js:89
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L220

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:220
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_key').value = document.getElementById(`override_key${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L66

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_src/com_media/js/edit-images.es6.js:66
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L52

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_src/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:52
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = Joomla.JText._('PLG_QUICKICON_JOOMLAUPDATE_UPDATEFOUND').replace('%s', `<span class="badge badge-light">${updateInfoList.length}</span>`);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L386

Insecure DOM Manipulation (XSS) in searchtools.es6.js

CWE-79
File Location: build/media_src/system/js/searchtools.es6.js:386
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.orderFieldName.innerHTML += $option;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L72

Insecure DOM Manipulation (XSS) in field-module-order.js

CWE-79
File Location: build/media/webcomponents/js/field-module-order/field-module-order.js:72
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- node.innerHTML = item[2];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L184

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:184
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- key.innerHTML = item.constant;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L221

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:221
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_override').value = document.getElementById(`override_string${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_src/com_media/js/edit-images.es6.js:39
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- baseContainer.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L111

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_src/plg_installer_webinstaller/js/client.es6.js:111
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- jedContainer.innerHTML = response.data.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L36

Insecure DOM Manipulation (XSS) in html5.js

CWE-79
File Location: build/media/legacy/js/html5.js:36
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- a.innerHTML = '<xyz></xyz>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L766

Insecure DOM Manipulation (XSS) in calendar.js

CWE-79
File Location: build/media/system/js/fields/calendar.js:766
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L112

Insecure DOM Manipulation (XSS) in field-permissions.js

CWE-79
File Location: build/media/webcomponents/js/field-permissions/field-permissions.js:112
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- badgeSpan.innerHTML = response.data.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L199

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_src/com_languages/js/overrider.es6.js:199
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- noresult.innerHTML = Joomla.JText._('COM_LANGUAGES_VIEW_OVERRIDE_NO_RESULTS');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L476

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_src/system/js/core.es6.js:476
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- titleWrapper.innerHTML = Joomla.JText._(type) ? Joomla.JText._(type) : type;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L359

Insecure DOM Manipulation (XSS) in searchtools.es6.js

CWE-79
File Location: build/media_src/system/js/searchtools.es6.js:359
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.theForm.innerHTML += this.orderField.outerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output