Seeing following checkmarx vulnerabilities when I scan my application in checkmarx. Want to know if these are false positives and how to justify them if false positive.
If not is there any resolution provided. Appreciate all the help.
he application's l=e.length-1;0<=l;l--)for embeds untrusted data in the generated output with appendChild, at line 21 of XXX.WebApp\Scripts\knockout-3.3.0.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The application's b&& embeds untrusted data in the generated output with appendChild, at line 21 of XXX.WebApp\Scripts\knockout-3.3.0.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The application's function embeds untrusted data in the generated output with appendChild, at line 581 of XXX.WebApp\Scripts\knockout-3.3.0.debug.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The application's objectForEach embeds untrusted data in the generated output with appendChild, at line 588 of XXX.WebApp\Scripts\knockout-3.3.0.debug.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.