Back to Codebase

Vulnerability Analysis Report

Joomla CMS v4.0.0-alpha10

Scan ID: SCAN-JOOMLA-CORE-UvUezR • Hash: 5e26566d

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.528s

Vulnerability Details

L612

Dynamic Code Execution in HtmlDocument.php

CWE-94
File Location: libraries/src/Document/HtmlDocument.php:612
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return eval($str);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L44

Insecure DOM Manipulation (XSS) in admin-system-loader.es6.js

CWE-79
File Location: build/media_source/com_cpanel/js/admin-system-loader.es6.js:44
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = response.data;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L42

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:42
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L139

Insecure DOM Manipulation (XSS) in joomla-field-permissions.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-permissions.w-c.es6.js:139
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- badgeSpan.innerHTML = response.data.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L1492

Insecure DOM Manipulation (XSS) in jquery.ui.core.es5.js

CWE-79
File Location: build/media_source/vendor/jquery-ui/js/jquery.ui.core.es5.js:1492
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- testElement.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L30

Insecure DOM Manipulation (XSS) in Notifications.js

CWE-79
File Location: administrator/components/com_media/resources/scripts/app/Notifications.js:30
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- alert.innerHTML = Joomla.JText._(message, message) || '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in associations-edit.es6.js

CWE-79
File Location: build/media_source/com_associations/js/associations-edit.es6.js:33
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- html.innerHTML = Joomla.JText._('JGLOBAL_ASSOC_NOT_POSSIBLE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L152

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:152
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L51

Insecure DOM Manipulation (XSS) in changelog.es6.js

CWE-79
File Location: build/media_source/com_installer/js/changelog.es6.js:51
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modal.innerHTML = xhr.statusText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L95

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:95
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- window.parent.document.querySelector(`#access-${options.itemId}`).innerHTML = window.parent.viewLevels[updAccess];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L32

Insecure DOM Manipulation (XSS) in helpsite.es5.js

CWE-79
File Location: build/media_source/legacy/js/helpsite.es5.js:32
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(select_id).innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L36

Insecure DOM Manipulation (XSS) in html5.es5.js

CWE-79
File Location: build/media_source/legacy/js/html5.es5.js:36
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- a.innerHTML = '<xyz></xyz>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L351

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:351
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if (el.navtype === 50) { el._current = el.innerHTML; }
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L695

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:695
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = " ";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L220

Insecure DOM Manipulation (XSS) in joomla-field-simple-color.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-simple-color.w-c.es6.js:220
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- el.innerHTML = `<span class="sr-only">${a11yColor}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L56

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:56
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L76

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:76
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:89
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-default">${Joomla.JText._('JTRASHED')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L223

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:223
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML += input;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L85

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_source/plg_installer_webinstaller/js/client.es6.js:85
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- jedContainer.innerHTML = response.data.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in extensionupdatecheck.es6.js

CWE-79
File Location: build/media_source/plg_quickicon_extensionupdate/js/extensionupdatecheck.es6.js:24
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L27

Insecure DOM Manipulation (XSS) in overridecheck.es6.js

CWE-79
File Location: build/media_source/plg_quickicon_overridecheck/js/overridecheck.es6.js:27
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L917

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:917
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L82

Insecure DOM Manipulation (XSS) in joomla-field-module-order.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-module-order.w-c.es6.js:82
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L157

Insecure DOM Manipulation (XSS) in joomla-field-subform.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-subform.w-c.es6.js:157
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.template = tmplElement[0].innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:24
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[ref].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L148

Insecure DOM Manipulation (XSS) in admin-articles-workflow-buttons.es6.js

CWE-79
File Location: build/media_source/com_content/js/admin-articles-workflow-buttons.es6.js:148
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modalcontent.innerHTML = html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L78

Insecure DOM Manipulation (XSS) in admin-item-edit_modules.es6.js

CWE-79
File Location: build/media_source/com_menus/js/admin-item-edit_modules.es6.js:78
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- body.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L61

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:61
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L71

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:71
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L81

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:81
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-success">${Joomla.JText._('JYES')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L311

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_source/plg_installer_webinstaller/js/client.es6.js:311
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- nameElement.innerHTML = name;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L27

Insecure DOM Manipulation (XSS) in privacycheck.es6.js

CWE-79
File Location: build/media_source/plg_quickicon_privacycheck/js/privacycheck.es6.js:27
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L121

Insecure DOM Manipulation (XSS) in joomla-field-user.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-user.w-c.es6.js:121
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L89

Insecure DOM Manipulation (XSS) in passwordstrength.es5.js

CWE-79
File Location: build/media_source/system/js/fields/passwordstrength.es5.js:89
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_COMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L49

Insecure DOM Manipulation (XSS) in template.js

CWE-79
File Location: build/warning_page/template.js:49
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- header.innerHTML = errorLocale[key].header;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L13

Insecure DOM Manipulation (XSS) in admin-compare-compare.es6.js

CWE-79
File Location: build/media_source/com_contenthistory/js/admin-compare-compare.es6.js:13
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = window.JsDiff.diffWords(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_source/com_media/js/edit-images.es6.js:39
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- baseContainer.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L53

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:53
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L33

Insecure DOM Manipulation (XSS) in admin-template-compare.es6.js

CWE-79
File Location: build/media_source/com_templates/js/admin-template-compare.es6.js:33
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const diff = JsDiff.diffLines(original.innerHTML, changed.innerHTML);
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L101

Insecure DOM Manipulation (XSS) in passwordstrength.es5.js

CWE-79
File Location: build/media_source/system/js/fields/passwordstrength.es5.js:101
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L64

Insecure DOM Manipulation (XSS) in admin-articles-workflow-buttons.es6.js

CWE-79
File Location: build/media_source/com_content/js/admin-articles-workflow-buttons.es6.js:64
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modalcontent.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L110

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:110
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = json.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L48

Insecure DOM Manipulation (XSS) in changelog.es6.js

CWE-79
File Location: build/media_source/com_installer/js/changelog.es6.js:48
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- modal.innerHTML = message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L220

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:220
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_key').value = document.getElementById(`override_key${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L47

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:47
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L39

Insecure DOM Manipulation (XSS) in helpsite.es5.js

CWE-79
File Location: build/media_source/legacy/js/helpsite.es5.js:39
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- node.innerHTML = item.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L312

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:312
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L475

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_source/system/js/core.es6.js:475
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- buttonWrapper.innerHTML = '×';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L610

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:610
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "<a " + classes + " style='display:inline;padding:2px 6px;cursor:pointer;text-decoration:none;' unselectable='on'>" + text + "</a>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L612

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:612
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = cs ? "<div unselectable='on'" + classes + ">" + text + "</div>" : text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L641

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:641
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.wk;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L120

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_source/system/js/fields/validate.es6.js:120
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_CHECK');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L17

Insecure DOM Manipulation (XSS) in joomla-hidden-mail.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/joomla-hidden-mail.w-c.es6.js:17
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L216

Insecure DOM Manipulation (XSS) in sidebyside.es5.js

CWE-79
File Location: build/media_source/com_associations/js/sidebyside.es5.js:216
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-select');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L222

Insecure DOM Manipulation (XSS) in sidebyside.es5.js

CWE-79
File Location: build/media_source/com_associations/js/sidebyside.es5.js:222
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('select-change-text').innerHTML = document.getElementById('select-change').getAttribute('data-change');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L199

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:199
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- noresult.innerHTML = Joomla.JText._('COM_LANGUAGES_VIEW_OVERRIDE_NO_RESULTS');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L221

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:221
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById('jform_override').value = document.getElementById(`override_string${id}`).innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L307

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_source/plg_installer_webinstaller/js/client.es6.js:307
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- uploadUrlContainer.innerHTML = installUrl;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in jupdatecheck.es6.js

CWE-79
File Location: build/media_source/plg_quickicon_joomlaupdate/js/jupdatecheck.es6.js:24
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- span.innerHTML = text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L493

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_source/system/js/core.es6.js:493
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- messageWrapper.innerHTML = typeMessage;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L766

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:766
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = "&#160;";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L927

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:927
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = this.params.debug ? iday : Date.convertNumbers(iday); // translated day number for each cell
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L992

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:992
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.title.getElementsByTagName('span')[0].innerHTML = this.params.debug ? year + ' ' + Date.convertNumbers(year.toString()) : Date.convertNumbers(year.toString());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L126

Insecure DOM Manipulation (XSS) in joomla-field-user.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-user.w-c.es6.js:126
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.modalBody.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L124

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_source/system/js/fields/validate.es6.js:124
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_INVALID_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L441

Insecure DOM Manipulation (XSS) in searchtools.es6.js

CWE-79
File Location: build/media_source/system/js/searchtools.es6.js:441
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.orderFieldName.innerHTML += $option;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L124

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:124
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- progressMessage.innerHTML = error;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L261

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_source/com_media/js/edit-images.es6.js:261
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L85

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:85
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpStatus.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L223

Insecure DOM Manipulation (XSS) in joomla-field-media.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-media.w-c.es6.js:223
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L229

Insecure DOM Manipulation (XSS) in joomla-field-simple-color.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-simple-color.w-c.es6.js:229
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- close.innerHTML = this.textClose;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L105

Insecure DOM Manipulation (XSS) in passwordstrength.es5.js

CWE-79
File Location: build/media_source/system/js/fields/passwordstrength.es5.js:105
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L122

Insecure DOM Manipulation (XSS) in validate.es6.js

CWE-79
File Location: build/media_source/system/js/fields/validate.es6.js:122
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elMsg.innerHTML = message || Joomla.JText._('JLIB_FORM_FIELD_REQUIRED_VALUE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L51

Insecure DOM Manipulation (XSS) in joomla-hidden-mail.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/joomla-hidden-mail.w-c.es6.js:51
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.newElement.innerHTML = innerStr;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L92

Insecure DOM Manipulation (XSS) in indexer.es6.js

CWE-79
File Location: build/media_source/com_finder/js/indexer.es6.js:92
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(`finder-${context[0].replace(/\s+/g, '-').toLowerCase()}`).innerHTML = `${json.pluginState[context[0]].offset} of ${json.pluginState[context[0]].total}`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L184

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:184
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- key.innerHTML = item.constant;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L68

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:68
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-info">${Joomla.JText._('JALL')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L991

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:991
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = this.params.debug ? month + ' ' + JoomlaCalLocale.months[month] : JoomlaCalLocale.months[month];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L221

Insecure DOM Manipulation (XSS) in joomla-field-media.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-media.w-c.es6.js:221
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- div.innerHTML = '<span class="field-media-preview-icon"></span>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L189

Insecure DOM Manipulation (XSS) in overrider.es6.js

CWE-79
File Location: build/media_source/com_languages/js/overrider.es6.js:189
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- string.innerHTML = item.string;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L66

Insecure DOM Manipulation (XSS) in edit-images.es6.js

CWE-79
File Location: build/media_source/com_media/js/edit-images.es6.js:66
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L71

Insecure DOM Manipulation (XSS) in html5.es5.js

CWE-79
File Location: build/media_source/legacy/js/html5.es5.js:71
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- p.innerHTML = 'x<style>' + cssText + '</style>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L286

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:286
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- box.innerHTML += $btn;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L318

Insecure DOM Manipulation (XSS) in tinymce-builder.es6.js

CWE-79
File Location: build/media_source/plg_editors_tinymce/js/tinymce-builder.es6.js:318
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- elem.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L187

Insecure DOM Manipulation (XSS) in client.es6.js

CWE-79
File Location: build/media_source/plg_installer_webinstaller/js/client.es6.js:187
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- errorContainer.innerHTML = request.responseText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L486

Insecure DOM Manipulation (XSS) in core.es6.js

CWE-79
File Location: build/media_source/system/js/core.es6.js:486
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- titleWrapper.innerHTML = Joomla.Text._(type) ? Joomla.Text._(type) : type;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L668

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:668
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = JoomlaCalLocale.shortDays[(i + fdow) % 7];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L894

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:894
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- cell.innerHTML = date.getLocalWeekNumber(this.params.dateType); //date.convertNumbers();
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L995

Insecure DOM Manipulation (XSS) in calendar.es5.js

CWE-79
File Location: build/media_source/system/js/fields/calendar.es5.js:995
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this._nav_month.getElementsByTagName('span')[0].innerHTML = !this.params.monthBefore ? JoomlaCalLocale.months[month] + ' - ' + tmpYear : tmpYear + ' - ' + JoomlaCalLocale.months[month] ;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L72

Insecure DOM Manipulation (XSS) in joomla-field-module-order.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-module-order.w-c.es6.js:72
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- node.innerHTML = item[2];
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L251

Insecure DOM Manipulation (XSS) in joomla-field-simple-color.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-simple-color.w-c.es6.js:251
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.icon.innerHTML = `<span class="sr-only">${this.textSelect}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L97

Insecure DOM Manipulation (XSS) in passwordstrength.es5.js

CWE-79
File Location: build/media_source/system/js/fields/passwordstrength.es5.js:97
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L114

Insecure DOM Manipulation (XSS) in passwordstrength.es5.js

CWE-79
File Location: build/media_source/system/js/fields/passwordstrength.es5.js:114
Security Score:
66 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L43

Insecure DOM Manipulation (XSS) in admin-module-edit.es6.js

CWE-79
File Location: build/media_source/com_modules/js/admin-module-edit.es6.js:43
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpMenu.innerHTML = `<span class="badge badge-danger">${Joomla.JText._('JNO')}</span>`;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L74

Insecure DOM Manipulation (XSS) in stats-message.es6.js

CWE-79
File Location: build/media_source/plg_system_stats/js/stats-message.es6.js:74
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- messageContainer.innerHTML = json.html;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L184

Insecure DOM Manipulation (XSS) in joomla-field-subform.w-c.es6.js

CWE-79
File Location: build/media_source/system/js/fields/joomla-field-subform.w-c.es6.js:184
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmpEl.innerHTML = this.template;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L93

Insecure DOM Manipulation (XSS) in passwordstrength.es5.js

CWE-79
File Location: build/media_source/system/js/fields/passwordstrength.es5.js:93
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- label.innerHTML = Joomla.JText._('JFIELD_PASSWORD_INDICATE_INCOMPLETE');
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L414

Insecure DOM Manipulation (XSS) in searchtools.es6.js

CWE-79
File Location: build/media_source/system/js/searchtools.es6.js:414
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.theForm.innerHTML += this.orderField.outerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L50

Weak Cryptographic Hash (MD5) in logcreator.php

CWE-327
File Location: administrator/components/com_actionlogs/models/fields/logcreator.php:50
Security Score:
38 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $hash = md5($this->element);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing