XSS vulnerability in Ext JS Action Column getTip
Security
High
ServiceNow
UI Script
Salesforce
Static Resource
Rule number
SN-JSL-002 (for ServiceNow)
SF-JSL-002 (for Salesforce)
Impact
The getTip()
method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. The getTip()
method of Action Columns takes HTML-escaped data and un-escapes it. If the tool tip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.
Remediation
Upgrade to Ext JS version 6.6.0 or later. There is no code fix for this vulnerability, other than ensuring that the getTip()
method is never used.
References
This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').