Version: 4.2.4
File: webix.js
- Line 16: window.eval(t): The file webix.js interprets unvalidated user input as source code on line 16. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
- Line 16: window.execScript(t): The file webix.js interprets unvalidated user input as source code on line 16. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
- Line 17: window.setTimeout(): The file webix.js interprets unvalidated user input as source code on line 17. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
- Line 103: The file webix.js interprets unvalidated user input as source code on line 103. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
Rule ID: 9B5887B1-8619-449F-B6B1-B86FDAA0F2C6
Taint Flags: WEB, XSS
Direct Function Call: Function.init^()
I posted only the first item in another thread. I noticed that there are 3 other issues reported under Dynamic Code Evaluation.
Please let me know how you address these issues as it is critical for my project.
Thanks,
George