Topic: SAST - Client DOM XSS issue in material-select.min.js

Sandeep Jain free asked 1 year ago


Expected behavior: We are getting a Client DOM XSS issue in material-select.min.js while scanning code for SAST.

Issue reported in the SAST scan using Checkmarx: "The application's function embeds untrusted data in the generated output with $, at line 1463 of ../material-select/material-select.min.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output."

Actual behavior: We should not get the SAST Client DOM XSS issue in the material-select.min.js file.

Resources (screenshots, code snippets etc.)

Reference: material-select.min.js, in the method value: function(e, t) { ... }:

1474. p = e.data("secondary-text") ? ''.concat(e.data("secondary-text"), "") : "";
1475. this.view.$materialOptionsList.append($('').concat(u, '').concat(d, " ").concat(e.html(), " ").concat(o, " ").concat(s, " ").concat(l, " ").concat(p, "")))
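The finding above is about a classic DOM XSS sink: values read back from the option elements (e.data("secondary-text") and e.html()) are concatenated into an HTML string that jQuery's .append() then parses as markup. Note that .data() returns the attribute value already HTML-decoded by the browser, so an attribute that was correctly escaped when the page was rendered becomes live markup again once it is concatenated into a string and appended. Whether that is exploitable in a given deployment depends on whether an attacker can influence the option markup (for example, options generated from user-supplied data), which is something the scanner cannot know. The example below is added here and is not MDB's code: it reproduces the string-building pattern in plain JavaScript without jQuery or a DOM so it runs in Node, places a hardened variant that escapes each untrusted piece next to it, and includes a small check that tells the two outputs apart. The option object, the escapeHtml helper, the render functions and the payload string are all constructed for this demonstration.

```javascript
// Added example (not MDB's code): the string-building pattern a SAST tool flags as a
// DOM XSS sink, beside a hardened variant. The option object, helper names and the
// payload below are constructed for this demo; in the real component the values come
// from $(option).data("secondary-text") and $(option).html().

// Escape the characters that change meaning when text is interpolated into HTML.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: mirrors the flagged pattern. secondaryText is whatever .data() returned
// (already HTML-decoded by the browser), yet it is concatenated straight into markup
// that will be handed to .append() and parsed as HTML.
function renderOptionUnsafe(opt) {
  const secondary = opt.secondaryText
    ? '<span class="secondary-text">'.concat(opt.secondaryText, "</span>")
    : "";
  return '<li class="select-option" data-value="'
    .concat(opt.value, '">')
    .concat(opt.label, " ")
    .concat(secondary, "</li>");
}

// Hardened: every untrusted piece is escaped before it becomes part of the markup.
// (In real DOM code, building nodes with createElement and setting textContent
// avoids string concatenation altogether; escaping is the equivalent when a string
// must be produced, as this component does.)
function renderOptionSafe(opt) {
  const secondary = opt.secondaryText
    ? '<span class="secondary-text">'.concat(escapeHtml(opt.secondaryText), "</span>")
    : "";
  return '<li class="select-option" data-value="'
    .concat(escapeHtml(opt.value), '">')
    .concat(escapeHtml(opt.label), " ")
    .concat(secondary, "</li>");
}

// Check: does the rendered markup contain a tag carrying an on* event-handler
// attribute? None of the template tags have one, so a match means injected markup.
function containsInjectedHandler(html) {
  return /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed payload: what .data("secondary-text") would return for an option
// rendered as data-secondary-text="&lt;img src=x onerror=alert(1)&gt;".
const PAYLOAD = "<img src=x onerror=alert(1)>";
const sampleOption = { value: "1", label: "Alice", secondaryText: PAYLOAD };

// Returns true for the unsafe rendering and false for the hardened one.
function demo() {
  return {
    unsafe: containsInjectedHandler(renderOptionUnsafe(sampleOption)),
    safe: containsInjectedHandler(renderOptionSafe(sampleOption)),
  };
}

console.log(renderOptionUnsafe(sampleOption));
console.log(renderOptionSafe(sampleOption));
console.log(demo());
```

The practical check for triaging this finding is the one the demo hints at: trace where the option elements come from. If they are static markup or generated from trusted configuration, the finding is a low-risk pattern issue; if the option labels or data attributes are ever built from user-controlled data, the concatenation is a real injection point and should be fixed by escaping (as in renderOptionSafe) or by building DOM nodes with text content instead of HTML strings.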


Mikołaj Smoleński staff commented 1 year ago

First of all, according to our system, you should not have access to the Select component, which is a PRO feature. Can you confirm your pro licence?

Regards




Status: Opened

Specification of the issue

  • ForumUser: Free
  • Premium support: No
  • Technology: MDB jQuery
  • MDB Version: MDB4 4.18.0
  • Device: Laptop / Desktop
  • Browser: Edge and Chrome
  • OS: Windows
  • Provided sample code: No
  • Provided link: No