Topic: Checkmarx showing Vulnerabilities in ComponentLoader.prototype.show
Hi, we ran Checkmarx scan on our application and it is showing that angular-mdb-bootstrap is vulnerable to XSS. Can this be false positive?
Please find attached screenshots for the same.
Thanks
Dear @Milind Mistry
As Arkadiusz said, the Component Loader class is used to inject previously defined components into view.
This class is not used by the user, but by a few of our components - like a tooltip, popover. So you don't need to worry about it - there's no XSS vulnerability.
I think, that your software (Checkmarx) has highlighted to you this part of the code because there's injecting (appendChild) component.
Best Regards,
Damian
Probably there is no such problem. Component loader is used to load previously defined Angular component. But thank you for letting us know, we will take a closer look at that.
FREE CONSULTATION
Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
Resolved
- ForumUser: Free
- Premium support: No
- Technology: MDB Angular
- MDB Version: 7.5.4
- Device: Dell
- Browser: Chrome
- OS: Windows
- Provided sample code: No
- Provided link: No