DOM-based Cross-site Scripting (XSS)

[zavelevsky]

carbon-app/src/components/core/menu/mainMenu/MainMenuRightChainSelector.tsx

Line 49 in 2ebb80e

href={getFullPath(appUrl)}

Unsanitized input from the document location flows into a React dynamic 'href' attribute, where it is used to dynamically construct the HTML page on client side. This may result in a DOM Based Cross-Site Scripting attack (DOMXSS).

(from Snyk)