Impact area
Security
Severity
low
Affected element
ServiceNow: UI Script
Salesforce: Static Resource
Rule number
SN-JSL-REACT-BETWEEN-V033-V060 (for ServiceNow)
SF-JSL-REACT-BETWEEN-V033-V060 (for Salesforce)
Impact
Typically, “safe” data is used for a key, for example an id from your database or a unique hash. However, there are cases where it may be reasonable to use user-generated content as a key. In that case, a carefully crafted piece of content could result in arbitrary JS execution.
Remediation
Update the React JS library to the latest version.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).