SAST - Client DOM XSS issue in material-select.min.js


Topic: SAST - Client DOM XSS issue in material-select.min.js

Sandeep Jain asked 3 years ago

Expected behavior We are getting Client DOM XSS issue in material-select.min.js while scanning code for SAST.

Issue Reported in SAST Scan using CheckMarx - The application's function embeds untrusted data in the generated output with $, at line 1463 of ../material-select/material-select.min.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

Actual behavior We should not get SAST- Client DOM XSS issue in material-select.min.js file.

Resources (screenshots, code snippets etc.) Reference: material-select.min.js Method value: function(e, t) { 1474. p = e.data("secondary-text") ? ''.concat(e.data("secondary-text"), "

") : "";1475. this.view.$materialOptionsList.append($('').concat(u, '').concat(d, " ").concat(e.html(), " ").concat(o, " ").concat(s, " ").concat(l, " ").concat(p, "")))


Mikołaj Smoleński staff commented 3 years ago

First of all, according to our system, you should not have access to the Select component, which is a PRO feature. Can you confirm your pro licence?

Regards


Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Open

Specification of the issue
  • User: Free
  • Premium support: No
  • Technology: MDB jQuery
  • MDB Version: MDB4 4.18.0
  • Device: Laptop / Desktop
  • Browser: Edge and Chrome
  • OS: Windows
  • Provided sample code: No
  • Provided link: No