React. Potential XSS vulnerability when using user data as a key. This only affects v0.5.x and v0.4.x.
Impact area
Security
Severity
low
Affected element
ServiceNow: UI Script
Salesforce: Static Resource
Rule number
SN-JSL-REACT-BETWEEN-V033-V060 (for ServiceNow)
SF-JSL-REACT-BETWEEN-V033-V060 (for Salesforce)
Impact
Typically, "safe" data is used for a key, for example, an id from your database or a unique hash. However, there are cases where it may be reasonable to use user-generated content. A carefully crafted piece of content could result in arbitrary JS execution.
Remediation
Update the React JS library to the latest version.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').