Back to Codebase

Vulnerability Analysis Report

Magento 2 Open Source v2.4.5-p10

Scan ID: SCAN-MAGENTO-CORE-71yDXK • Hash: 82b8a343

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.728s

Vulnerability Details

L93

Insecure DOM Manipulation (XSS) in authorization.js

CWE-79
File Location: app/code/Magento/AdobeIms/view/adminhtml/web/js/action/authorization.js:93
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- responseData = authWindow.document.body.innerHTML.match(
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L232

Insecure DOM Manipulation (XSS) in configure.js

CWE-79
File Location: app/code/Magento/Catalog/view/adminhtml/web/catalog/product/composite/configure.js:232
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.blockMsgError.innerHTML = response.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L411

Insecure DOM Manipulation (XSS) in configure.js

CWE-79
File Location: app/code/Magento/Catalog/view/adminhtml/web/catalog/product/composite/configure.js:411
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.blockMsgError.innerHTML = response.message;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L97

Insecure DOM Manipulation (XSS) in msrp.js

CWE-79
File Location: app/code/Magento/Msrp/view/base/web/js/msrp.js:97
Security Score:
75 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $msrpPopup = $(popupDOM.innerHTML.trim());
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L77

Insecure DOM Manipulation (XSS) in category-checkbox-tree.js

CWE-79
File Location: app/code/Magento/Catalog/view/adminhtml/web/js/category-checkbox-tree.js:77
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- this.el.dom.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output