My customer’s company run a vulnerability check with some tool and (aside others) found the vulnerability “JavaScript_Server_Side_Vulnerabilities/Stored_Code_Injection” on the extjs base code.
In particular:
from /extjs/ext-debug.js in line 16894 to line 21070
<code> selectNode : function(path, root){
return Ext.DomQuery.select(path, root, null, true)[0]; //<- line 16894
},
</code>
<code> selectNode : function(path, root){
return Ext.DomQuery.select(path, root, null, true)[0]; //<- line 16894
},
</code>
selectNode : function(path, root){
return Ext.DomQuery.select(path, root, null, true)[0]; //<- line 16894
},
<code> update : function(html, loadScripts, callback) {
var me = this,
id,
dom,
interval;
if (!me.dom) {
return me;
}
html = html || '';
dom = me.dom;
if (loadScripts !== true) {
dom.innerHTML = html;
Ext.callback(callback, me);
return me;
}
id = Ext.id();
html += '<span id="' + id + '"></span>';
interval = setInterval(function() {
var hd,
match,
attrs,
srcMatch,
typeMatch,
el,
s;
if (!(el = DOC.getElementById(id))) {
return false;
}
clearInterval(interval);
Ext.removeNode(el);
hd = Ext.getHead().dom;
while ((match = scriptTagRe.exec(html))) {
attrs = match[1];
srcMatch = attrs ? attrs.match(srcRe) : false;
if (srcMatch && srcMatch[2]) {
s = DOC.createElement("script");
s.src = srcMatch[2];
typeMatch = attrs.match(typeRe);
if (typeMatch && typeMatch[2]) {
s.type = typeMatch[2];
}
hd.appendChild(s);
} else if (match[2] && match[2].length > 0) {
if (window.execScript) {
window.execScript(match[2]);
} else {
window.eval(match[2]); //<- line 21070
}
}
}
Ext.callback(callback, me);
}, 20);
dom.innerHTML = html.replace(replaceScriptTagRe, '');
return me;
},
</code>
<code> update : function(html, loadScripts, callback) {
var me = this,
id,
dom,
interval;
if (!me.dom) {
return me;
}
html = html || '';
dom = me.dom;
if (loadScripts !== true) {
dom.innerHTML = html;
Ext.callback(callback, me);
return me;
}
id = Ext.id();
html += '<span id="' + id + '"></span>';
interval = setInterval(function() {
var hd,
match,
attrs,
srcMatch,
typeMatch,
el,
s;
if (!(el = DOC.getElementById(id))) {
return false;
}
clearInterval(interval);
Ext.removeNode(el);
hd = Ext.getHead().dom;
while ((match = scriptTagRe.exec(html))) {
attrs = match[1];
srcMatch = attrs ? attrs.match(srcRe) : false;
if (srcMatch && srcMatch[2]) {
s = DOC.createElement("script");
s.src = srcMatch[2];
typeMatch = attrs.match(typeRe);
if (typeMatch && typeMatch[2]) {
s.type = typeMatch[2];
}
hd.appendChild(s);
} else if (match[2] && match[2].length > 0) {
if (window.execScript) {
window.execScript(match[2]);
} else {
window.eval(match[2]); //<- line 21070
}
}
}
Ext.callback(callback, me);
}, 20);
dom.innerHTML = html.replace(replaceScriptTagRe, '');
return me;
},
</code>
update : function(html, loadScripts, callback) {
var me = this,
id,
dom,
interval;
if (!me.dom) {
return me;
}
html = html || '';
dom = me.dom;
if (loadScripts !== true) {
dom.innerHTML = html;
Ext.callback(callback, me);
return me;
}
id = Ext.id();
html += '<span id="' + id + '"></span>';
interval = setInterval(function() {
var hd,
match,
attrs,
srcMatch,
typeMatch,
el,
s;
if (!(el = DOC.getElementById(id))) {
return false;
}
clearInterval(interval);
Ext.removeNode(el);
hd = Ext.getHead().dom;
while ((match = scriptTagRe.exec(html))) {
attrs = match[1];
srcMatch = attrs ? attrs.match(srcRe) : false;
if (srcMatch && srcMatch[2]) {
s = DOC.createElement("script");
s.src = srcMatch[2];
typeMatch = attrs.match(typeRe);
if (typeMatch && typeMatch[2]) {
s.type = typeMatch[2];
}
hd.appendChild(s);
} else if (match[2] && match[2].length > 0) {
if (window.execScript) {
window.execScript(match[2]);
} else {
window.eval(match[2]); //<- line 21070
}
}
}
Ext.callback(callback, me);
}, 20);
dom.innerHTML = html.replace(replaceScriptTagRe, '');
return me;
},
anybody found the same issue and knows how to fix it?
many thanks
did’t find anythink in the forums