Checkmarx reports Client Potential XSS #905
Comments
|
Is using |
|
Using Tested locally by registering this handler : $('#builder').on('getRuleFilterSelect.queryBuilder.filter', function(e) {
e.value += '<script';
e.value += '>alert("hello");</';
e.value += 'script>';
});I will make the same change on all HTML parsing |
|
Thank you for looking into this! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Our infosec area ran Checkmarx against an application using QueryBuilder which reported two potential XSS, as shown below.
I am not sure those are real problems. Could they be false positives?
Client Potential XSS\Path 1:
The application's function embeds untrusted data in the generated output with html, at line 1452 of js/query-builder.standalone.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
Source
File: js/query-builder.standalone.js
Line: 3152
Object: change
Destination
File: js/query-builder.standalone.js
Line: 1464
Object: html
Code snippet
Method: QueryBuilder.prototype.getRuleFilterSelect = function(rule, filters) {
Method: QueryBuilder.prototype.createRuleFilters = function(rule) {
Client Potential XSS\Path 2:
The application's function embeds untrusted data in the generated output with append, at line 1178 of js/query-builder.standalone.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
Source
File: js/query-builder.standalone.js
Line: 3096
Object: change
Destination
File: js/query-builder.standalone.js
Line: 1184
Object: append
Code snippet
Method: QueryBuilder.prototype.getGroupTemplate = function(group_id, level) {
Method: QueryBuilder.prototype.setRoot = function(addRule, data, flags) {
The text was updated successfully, but these errors were encountered: