I've identified a Cross-Site Scripting (XSS) vulnerability in this application.
Vulnerability Details:
Severity: High/Critical
Description: There's a risk of malicious script execution when the review is controlled by an adversary.
Steps to Reproduce:
In utils/data/products.ts, modify the description of reviews to include <img src="" onError=alert(1) />.
The script will run on every user's webpage.
Suggested Fix or Mitigation:
Sanitize the review description before rendering it.
I've already fixed and tested this issue, and have submitted a pull request with the necessary changes. Please review and merge my pull request at your earliest convenience to resolve this vulnerability. Thanks!
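The mitigation suggested in the report, sketched as an added example (not code from the pull request or from the project). It assumes reviews are plain text, so it uses output encoding rather than an HTML sanitizer library; the Review shape, the function names and the sample data are hypothetical.

```typescript
// Added example. Review shape, function names and sample data are assumptions.
interface Review {
  author: string;
  description: string;
}

const HTML_ESCAPES: Record<string, string> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(input: string): string {
  return input.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch] ?? ch);
}

// Build review markup from encoded fields only; raw data never reaches the HTML.
function renderReview(review: Review): string {
  return (
    `<article class="review"><h4>${escapeHtml(review.author)}</h4>` +
    `<p>${escapeHtml(review.description)}</p></article>`
  );
}

// Audit helper: indexes of reviews whose description contains a tag,
// so tainted entries in the data file can be found and cleaned.
function findMarkupReviews(reviews: Review[]): number[] {
  const tag = /<\s*\/?\s*[a-zA-Z][^>]*>/;
  return reviews
    .map((r, i) => (tag.test(r.description) ? i : -1))
    .filter((i) => i >= 0);
}

// Constructed sample data; the second entry is the payload from the report.
const sampleReviews: Review[] = [
  { author: "Ana", description: "Great product, arrived early." },
  { author: "Bob", description: '<img src="" onError=alert(1) />' },
  { author: "Cy", description: "Rated 4 because 5 < 6 & shipping > 3 days." },
];

console.log(findMarkupReviews(sampleReviews));
console.log(sampleReviews.map(renderReview).join("\n"));
```

If reviews must support rich text, encoding is not enough and an allowlist-based HTML sanitizer is needed instead.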
Fix for Cross-Site Scripting (XSS) Vulnerability