Overwriting transformLinkUri or transformImageUri to something insecure, or turning allowDangerousHtml on, or turning escapeHtml off, will open the code up to XSS vectors. Likelihood: LOW Confidence: LOW CWE: - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: - A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
react-insecure-request
Unencrypted request over HTTP detected. Likelihood: LOW Confidence: MEDIUM CWE: - CWE-319: Cleartext Transmission of Sensitive Information
OWASP: - A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures