Holiday Notice: Support will be provided on a limited scale from December 24th, 2024, to January 2nd, 2025. Happy holidays and a wonderful New Year!


Topic: SAST - Client DOM XSS issue in material-select.min.js

Sandeep Jain free asked 2 years ago


Expected behavior We are getting Client DOM XSS issue in material-select.min.js while scanning code for SAST.

Issue Reported in SAST Scan using CheckMarx - The application's function embeds untrusted data in the generated output with $, at line 1463 of ../material-select/material-select.min.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

Actual behavior We should not get SAST- Client DOM XSS issue in material-select.min.js file.

Resources (screenshots, code snippets etc.) Reference: material-select.min.js Method value: function(e, t) { 1474. p = e.data("secondary-text") ? ''.concat(e.data("secondary-text"), "

") : "";1475. this.view.$materialOptionsList.append($('').concat(u, '').concat(d, " ").concat(e.html(), " ").concat(o, " ").concat(s, " ").concat(l, " ").concat(p, "")))


Mikołaj Smoleński staff commented 2 years ago

First of all, according to our system, you should not have access to the Select component, which is a PRO feature. Can you confirm your pro licence?

Regards



Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Opened

Specification of the issue

  • ForumUser: Free
  • Premium support: No
  • Technology: MDB jQuery
  • MDB Version: MDB4 4.18.0
  • Device: Laptop / Desktop
  • Browser: Edge and Chrome
  • OS: Windows
  • Provided sample code: No
  • Provided link: No