CVE-2024-22411: Unescaped Array Iteration To Innerhtml
Direct assignment to `innerHTML` derived from iterating arrays and building HTML segments without sanitization allows for DOM-based Cross-Site Scripting (XSS). Sanitize user-controlled fields using a library like DOMPurify before composing the HTML string.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
JS
JSgreprules fetch cve-2024-22411-unescaped-array-iteration-to-innerhtml --engine opengrepDescription
Direct assignment to `innerHTML` derived from iterating arrays and building HTML segments without sanitization allows for DOM-based Cross-Site Scripting (XSS). Sanitize user-controlled fields using a library like DOMPurify before composing the HTML string.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0