React. Potential XSS vulnerability when using user data as a key. This only affects v0.5.x and v0.4.x.

Impact area

Security

Severity

low

Affected element

ServiceNow: UI Script

Salesforce: Static Resource


Rule number

SN-JSL-REACT-BETWEEN-V033-V060 (for ServiceNow)

SF-JSL-REACT-BETWEEN-V033-V060 (for Salesforce)

Impact

Typically "safe" data is used for a key, for example, an id from your database or a unique hash. However, there are cases where it may be reasonable to use user-generated content as a key. A carefully crafted piece of content could result in arbitrary JS execution.

Remediation

Update the React JS library to the latest version.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').




Last modified on Jan 31, 2023