

Topic: Checkmarx showing Vulnerabilities in ComponentLoader.prototype.show

Milind Mistry asked 6 years ago

Hi, we ran a Checkmarx scan on our application and it is showing that angular-mdb-bootstrap is vulnerable to XSS. Can this be a false positive?

Please find attached screenshots for the same.

Thanks

Vulnerability??


Arkadiusz Idzikowski staff answered 5 years ago

Probably there is no such problem. The component loader is used to load a previously defined Angular component. But thank you for letting us know, we will take a closer look at that.


Milind Mistry commented 5 years ago

Thanks Arkadiusz.


Damian Gemza staff answered 5 years ago

Dear @Milind Mistry

As Arkadiusz said, the Component Loader class is used to inject previously defined components into the view.

This class is not used by the user, but by a few of our components - like a tooltip, popover. So you don't need to worry about it - there's no XSS vulnerability.

I think that your software (Checkmarx) has highlighted this part of the code to you because it injects a component there (appendChild).

Best Regards,

Damian
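When triaging a finding like the one discussed in this thread, a reviewer usually separates sinks that parse a string as HTML from sinks that insert an already-built node such as `appendChild`. The following is an added example, not MDB Angular or Checkmarx code; the sink patterns, file names and sample lines are constructed assumptions.

```javascript
// Added example for triaging DOM-sink findings; the patterns are a reviewer's
// working assumption, not Checkmarx's actual rule set.
const SINKS = [
  // Sinks that parse a string as HTML: untrusted input here can become markup.
  { kind: 'html-parsing', re: /\.(innerHTML|outerHTML)\s*\+?=(?!=)/ },
  { kind: 'html-parsing', re: /\.insertAdjacentHTML\s*\(/ },
  { kind: 'html-parsing', re: /\bdocument\.write(ln)?\s*\(/ },
  // Sinks that insert an already-built Node: no string is parsed as markup,
  // so the risk depends on how that node was created.
  { kind: 'node-insertion', re: /\.(appendChild|insertBefore|replaceChild)\s*\(/ },
];

const NEXT_STEP = {
  'html-parsing': 'trace the assigned string back to its source and check sanitization',
  'node-insertion': 'confirm the inserted node is built by trusted code, not from untrusted markup',
};

function classifySink(code) {
  for (const { kind, re } of SINKS) {
    const m = re.exec(code);
    if (m) return { kind, match: m[0], nextStep: NEXT_STEP[kind] };
  }
  return null; // no DOM sink recognised on this line
}

function triage(findings) {
  return findings.map((f) => {
    const hit = classifySink(f.code);
    return {
      file: f.file,
      line: f.line,
      kind: hit ? hit.kind : 'no-sink',
      nextStep: hit ? hit.nextStep : 'none',
    };
  });
}

// Constructed sample findings (not taken from MDB Angular source).
const sampleFindings = [
  { file: 'loader.sample.ts', line: 12, code: 'container.appendChild(componentRef.location.nativeElement);' },
  { file: 'tooltip.sample.ts', line: 40, code: 'tipEl.innerHTML = titleFromQueryString;' },
  { file: 'tooltip.sample.ts', line: 55, code: "if (tipEl.innerHTML === '') { return; }" },
];

for (const r of triage(sampleFindings)) {
  console.log(`${r.file}:${r.line} ${r.kind} -> ${r.nextStep}`);
}
```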



Status

Resolved

Specification of the issue
  • User: Free
  • Premium support: No
  • Technology: MDB Angular
  • MDB Version: 7.5.4
  • Device: Dell
  • Browser: Chrome
  • OS: Windows
  • Provided sample code: No
  • Provided link: No