Topic: Checkmarx showing Vulnerabilities in ComponentLoader.prototype.show

Milind Mistry free asked 5 years ago


Hi, we ran a Checkmarx scan on our application and it is showing that angular-mdb-bootstrap is vulnerable to XSS. Can this be a false positive?

Please find attached screenshots for the same.

Thanks

Vulnerability??


Damian Gemza staff answered 5 years ago


Dear @Milind Mistry

As Arkadiusz said, the Component Loader class is used to inject previously defined components into the view.

This class is not used by the user, but by a few of our components, like the tooltip and popover. So you don't need to worry about it - there's no XSS vulnerability.

I think that your software (Checkmarx) has highlighted this part of the code to you because a component is being injected there (appendChild).

Best Regards,

Damian


Arkadiusz Idzikowski staff answered 5 years ago


Probably there is no such problem. The component loader is used to load a previously defined Angular component. But thank you for letting us know, we will take a closer look at that.


Milind Mistry free commented 5 years ago

Thanks Arkadiusz.




Status

Resolved

Specification of the issue

  • ForumUser: Free
  • Premium support: No
  • Technology: MDB Angular
  • MDB Version: 7.5.4
  • Device: Dell
  • Browser: Chrome
  • OS: Windows
  • Provided sample code: No
  • Provided link: No