Storing JWT tokens in localStorage known to be a bad practice, consider moving your tokens from localStorage to a HTTP cookie. Likelihood: LOW Confidence: LOW CWE: - CWE-922: Insecure Storage of Sensitive Information
OWASP: - A01:2021 - Broken Access Control
react-unsanitized-method
Detection of HTMLfromnon−constantdefinition.Thiscaninadvertentlyexposeuserstocross−sitescripting(XSS)attacksifthiscomesfromuser−providedinput.IfyouhavetouseHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML. Likelihood: HIGH Confidence: MEDIUM CWE: - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: - A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
react-dangerouslysetinnerhtml
Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML. Likelihood: MEDIUM Confidence: MEDIUM CWE: - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: - A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
react-jwt-decoded-property
Property decoded from JWT token without verifying and cannot be trustworthy. Likelihood: LOW Confidence: LOW CWE: - CWE-922: Insecure Storage of Sensitive Information
OWASP: - A01:2021 - Broken Access Control
react-href-var
Detected a variable used in an anchor tag with the ‘href’ attribute. A malicious actor may be able to input the ‘javascript:’ URI, which could cause cross-site scripting (XSS). It is recommended to disallow ‘javascript:’ URIs within your application. Likelihood: LOW Confidence: LOW CWE: - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: - A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
react-unsanitized-property
Detection of HTMLfromnon−constantdefinition.Thiscaninadvertentlyexposeuserstocross−sitescripting(XSS)attacksifthiscomesfromuser−providedinput.IfyouhavetouseHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML. Likelihood: MEDIUM Confidence: MEDIUM CWE: - CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: - A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection