Back to Codebase

Vulnerability Analysis Report

Joomla CMS v4.0.0-beta

Scan ID: SCAN-JOOMLA-CORE-EGAP8v • Hash: 052c3ffc

Severity Score
Medium
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.6s

Vulnerability Details

L52

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:52
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L75

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:75
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L80

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:80
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L593

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:593
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "<a " + classes + " style='display:inline;padding:2px 6px;cursor:pointer;text-decoration:none;' unselectable='on'>" + text + "</a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L913

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:913
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = this.params.debug ? iday : Date.convertNumbers(iday); // translated day number for each cell
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L978

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:978
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.title.getElementsByTagName('span')[0].innerHTML = this.params.debug ? year + ' ' + Date.convertNumbers(year.toString()) : Date.convertNumbers(year.toString());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L124

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_source/system/js/fields/validate.es6.js:124
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_INVALID_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L224

Insecure DOM Manipulation (XSS) in sidebyside.es5.js

CWE-79
File Location: build/media_source/com_associations/js/sidebyside.es5.js:224
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-change');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L42

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:42
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L88

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:88
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-default">${Joomla.JText._('JTRASHED')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_source/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:24
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L977

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:977
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = this.params.debug ? month + ' ' + JoomlaCalLocale.months[month] : JoomlaCalLocale.months[month];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L230

Insecure DOM Manipulation (XSS) in joomla-field-media.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-media.w-c.es6.js:230
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '<span class="field-media-preview-icon"></span>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L271

Insecure DOM Manipulation (XSS) in joomla-field-simple-color.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-simple-color.w-c.es6.js:271
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.icon.innerHTML = `<span class="sr-only">${this.textSelect}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L187

Insecure DOM Manipulation (XSS) in joomla-field-subform.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-subform.w-c.es6.js:187
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpEl.innerHTML = this.template;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L51

Insecure DOM Manipulation (XSS) in joomla-hidden-mail.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/joomla-hidden-mail.w-c.es6.js:51
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.newElement.innerHTML = innerStr;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L11

Insecure DOM Manipulation (XSS) in admin-compare-compare.es6.js

CWE-79
File Location: build/media_source/com_contenthistory/js/admin-compare-compare.es6.js:11
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- textarea.innerHTML = html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L153

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:153
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L51

Insecure DOM Manipulation (XSS) in changelog.es6.js

CWE-79
File Location: build/media_source/com_installer/js/changelog.es6.js:51
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modal.innerHTML = xhr.statusText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L261

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_source/com_media/js/edit-images.es6.js:261
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L27

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_source/plg_quickicon_overridecheck/js/overridecheck.es6.js:27
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L334

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:334
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if (el.navtype === 50) { el._current = el.innerHTML; }
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L139

Insecure DOM Manipulation (XSS) in joomla-field-permissions.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-permissions.w-c.es6.js:139
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- badgeSpan.innerHTML = response.data.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L249

Insecure DOM Manipulation (XSS) in joomla-field-simple-color.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-simple-color.w-c.es6.js:249
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- close.innerHTML = this.textClose;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L460

Insecure DOM Manipulation (XSS) in searchtools.es6.js

CWE-79
File Location: build/media_source/system/js/searchtools.es6.js:460
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.orderFieldName.innerHTML += $option;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L218

Insecure DOM Manipulation (XSS) in sidebyside.es5.js

CWE-79
File Location: build/media_source/com_associations/js/sidebyside.es5.js:218
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-select');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L125

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:125
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = error;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L189

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:189
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- string.innerHTML = item.string;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L42

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:42
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L70

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:70
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L223

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:223
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML += input;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L749

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:749
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L160

Insecure DOM Manipulation (XSS) in joomla-field-subform.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-subform.w-c.es6.js:160
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.template = tmplElement[0].innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:24
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[ref].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in associations-edit.es6.js

CWE-79
File Location: build/media_source/com_associations/js/associations-edit.es6.js:33
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- html.innerHTML = Joomla.JText._('JGLOBAL_ASSOC_NOT_POSSIBLE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L93

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:93
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(`finder-${context[0].replace(/\s+/g, '-').toLowerCase()}`).innerHTML = `${json.pluginState[context[0]].offset} of ${json.pluginState[context[0]].total}`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L184

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:184
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- key.innerHTML = item.constant;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L67

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:67
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_source/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:24
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L624

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:624
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.wk;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L678

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:678
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = " ";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L240

Insecure DOM Manipulation (XSS) in joomla-field-simple-color.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-simple-color.w-c.es6.js:240
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = `<span class="sr-only">${a11yColor}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L17

Insecure DOM Manipulation (XSS) in joomla-hidden-mail.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/joomla-hidden-mail.w-c.es6.js:17
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L215

Insecure DOM Manipulation (XSS) in default.es5.js

CWE-79
File Location: build/media_source/com_joomlaupdate/js/default.es5.js:215
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- extensionData.element.innerHTML = html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_source/com_media/js/edit-images.es6.js:39
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- baseContainer.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L80

Insecure DOM Manipulation (XSS) in admin-item-edit_modules.es6.js

CWE-79
File Location: build/media_source/com_menus/js/admin-item-edit_modules.es6.js:80
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- body.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L286

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:286
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- box.innerHTML += $btn;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L232

Insecure DOM Manipulation (XSS) in joomla-field-media.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-media.w-c.es6.js:232
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L49

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:49
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[key].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L199

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:199
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- noresult.innerHTML = Joomla.JText._('COM_LANGUAGES_VIEW_OVERRIDE_NO_RESULTS');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L220

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:220
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_key').value = document.getElementById(`override_key${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L66

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_source/com_media/js/edit-images.es6.js:66
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L981

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:981
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = !this.params.monthBefore ? JoomlaCalLocale.months[month] + ' - ' + tmpYear : tmpYear + ' - ' + JoomlaCalLocale.months[month] ;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L121

Insecure DOM Manipulation (XSS) in joomla-field-user.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-user.w-c.es6.js:121
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L126

Insecure DOM Manipulation (XSS) in joomla-field-user.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-user.w-c.es6.js:126
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L42

Insecure DOM Manipulation (XSS) in admin-system-loader.es6.js

CWE-79
File Location: build/media_source/com_cpanel/js/admin-system-loader.es6.js:42
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = response.data;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L48

Insecure DOM Manipulation (XSS) in changelog.es6.js

CWE-79
File Location: build/media_source/com_installer/js/changelog.es6.js:48
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modal.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L312

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:312
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L129

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_source/plg_installer_webinstaller/js/client.es6.js:129
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- errorContainer.innerHTML = request.responseText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L595

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:595
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = cs ? "<div unselectable='on'" + classes + ">" + text + "</div>" : text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L651

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:651
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.shortDays[(i + fdow) % 7];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L880

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:880
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = date.getLocalWeekNumber(this.params.dateType); //date.convertNumbers();
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L72

Insecure DOM Manipulation (XSS) in joomla-field-module-order.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-module-order.w-c.es6.js:72
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- node.innerHTML = item[2];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L111

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:111
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = json.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L49

Insecure DOM Manipulation (XSS) in default.es5.js

CWE-79
File Location: build/media_source/com_joomlaupdate/js/default.es5.js:49
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- fileSizeElement.innerHTML = Joomla.JText._('JGLOBAL_SELECTED_UPLOAD_FILE_SIZE').replace('%s', fileSizeMB.toFixed(2) + ' MB');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L221

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:221
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_override').value = document.getElementById(`override_string${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L46

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:46
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L60

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:60
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L94

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:94
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- window.parent.document.querySelector(`#access-${options.itemId}`).innerHTML = window.parent.viewLevels[updAccess];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L318

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:318
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L74

Insecure DOM Manipulation (XSS) in stats-message.es6.js

CWE-79
File Location: build/media_source/plg_system_stats/js/stats-message.es6.js:74
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- messageContainer.innerHTML = json.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L903

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:903
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L82

Insecure DOM Manipulation (XSS) in joomla-field-module-order.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-module-order.w-c.es6.js:82
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L12

Insecure DOM Manipulation (XSS) in joomla-core-loader.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/joomla-core-loader.w-c.es6.js:12
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- template.innerHTML = `<style>{{CSS_CONTENTS_PLACEHOLDER}}</style>
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in admin-template-compare.es6.js

CWE-79
File Location: build/media_source/com_templates/js/admin-template-compare.es6.js:33
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = Diff.diffLines(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L270

Insecure DOM Manipulation (XSS) in management.es6.js

CWE-79
File Location: build/media_source/plg_system_webauthn/js/management.es6.js:270
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elLabelTD.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L122

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_source/system/js/fields/validate.es6.js:122
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L17

Insecure DOM Manipulation (XSS) in admin-compare-compare.es6.js

CWE-79
File Location: build/media_source/com_contenthistory/js/admin-compare-compare.es6.js:17
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = window.Diff.diffWords(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L55

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:55
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L84

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:84
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L90

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_source/plg_installer_webinstaller/js/client.es6.js:90
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- jedContainer.innerHTML = response.data.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L120

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_source/system/js/fields/validate.es6.js:120
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_CHECK');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L433

Insecure DOM Manipulation (XSS) in searchtools.es6.js

CWE-79
File Location: build/media_source/system/js/searchtools.es6.js:433
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.theForm.innerHTML += this.orderField.outerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L92

Weak Cryptographic Hash (MD5) in CacheStorage.php

CWE-327
File Location: libraries/src/Cache/CacheStorage.php:92
Security Score:
38 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->_hash = md5($app->get('secret'));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L696

Weak Cryptographic Hash (MD5) in CategoryModel.php

CWE-327
File Location: administrator/components/com_categories/src/Model/CategoryModel.php:696
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $key = md5(json_encode($associations));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L706

Weak Cryptographic Hash (MD5) in FieldModel.php

CWE-327
File Location: administrator/components/com_fields/src/Model/FieldModel.php:706
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $key = md5(serialize($fieldIds) . $itemId);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L564

Weak Cryptographic Hash (MD5) in HtmlDocument.php

CWE-327
File Location: libraries/src/Document/HtmlDocument.php:564
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5(serialize(array($name, $attribs, null, get_class($renderer))));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L99

Weak Cryptographic Hash (MD5) in PredefinedlistField.php

CWE-327
File Location: libraries/src/Form/Field/PredefinedlistField.php:99
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($this->element);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L231

Weak Cryptographic Hash (MD5) in Version.php

CWE-327
File Location: libraries/src/Version.php:231
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return md5($this->getLongVersion() . Factory::getApplication()->get('secret') . (new Date)->toSql());
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L135

Weak Cryptographic Hash (MD5) in PasswordHash.php

CWE-327
File Location: libraries/phpass/PasswordHash.php:135
Security Score:
36 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($salt . $password, TRUE);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L74

Weak Cryptographic Hash (MD5) in ApplicationHelper.php

CWE-327
File Location: libraries/src/Application/ApplicationHelper.php:74
Security Score:
36 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return md5(Factory::getApplication()->get('secret') . $seed);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L55

Weak Cryptographic Hash (MD5) in LimitboxField.php

CWE-327
File Location: libraries/src/Form/Field/LimitboxField.php:55
Security Score:
36 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($this->element);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L47

Weak Cryptographic Hash (MD5) in Category.php

CWE-327
File Location: libraries/src/HTML/Helpers/Category.php:47
Security Score:
36 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($extension . '.' . serialize($config));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L7729

Weak Cryptographic Hash (MD5) in restore.php

CWE-327
File Location: administrator/components/com_joomlaupdate/restore.php:7729
Security Score:
35 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $lookupKey = md5($password . '-' . $nBits);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L87

Weak Cryptographic Hash (MD5) in MD5Handler.php

CWE-327
File Location: libraries/src/Authentication/Password/MD5Handler.php:87
Security Score:
35 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $testcrypt = md5($plaintext . $salt) . ($salt ? ':' . $salt : (strpos($hashed, ':') !== false ? ':' : ''));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L48

Weak Cryptographic Hash (MD5) in Tag.php

CWE-327
File Location: libraries/src/HTML/Helpers/Tag.php:48
Security Score:
35 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5(serialize($config));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L7944

Weak Cryptographic Hash (MD5) in restore.php

CWE-327
File Location: administrator/components/com_joomlaupdate/restore.php:7944
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $lookupKey = "PBKDF2-$algorithm-$iterations-" . md5($password . $staticSalt);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L137

Weak Cryptographic Hash (MD5) in PasswordHash.php

CWE-327
File Location: libraries/phpass/PasswordHash.php:137
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($hash . $password, TRUE);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L1662

Weak Cryptographic Hash (MD5) in ItemModel.php

CWE-327
File Location: administrator/components/com_menus/src/Model/ItemModel.php:1662
Security Score:
32 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $key = md5(json_encode($associations));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L50

Weak Cryptographic Hash (MD5) in LogcreatorField.php

CWE-327
File Location: administrator/components/com_actionlogs/src/Field/LogcreatorField.php:50
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($this->element);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing