Bug #15495 - [Search + Collect] Display bug on the filter-saving pop-up.

[Salimdev]

Bug d'affichage sur la popup de sauvegarde des filtres.

[vitam-prg]

Checkmarx One – Scan Summary & Details – 2a932dd3-66be-41ae-92ea-f4150bf9f655

New Issues (30)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-7783	Npm-form-data-4.0.2	details Recommended version: 4.0.4 Description: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with the pro... Attack Vector: NETWORK Attack Complexity: HIGH ID: lLT2MmbKnplA8KtAGRiVx9iX3qFcZhJEjX2sY6shV7Y%3D Vulnerable Package
	CVE-2024-29371	Maven-org.bitbucket.b_c:jose4j-0.8.0	details Description: In jose4j versions prior to 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) toke... Attack Vector: NETWORK Attack Complexity: LOW ID: tnM3RKxuazlzzEmji73ivohlQMCzL5EvZhka%2FQWbm6M%3D Vulnerable Package
	CVE-2025-12816	Npm-node-forge-1.3.1	details Recommended version: 1.3.2 Description: An interpretation-conflict (CWE-436) vulnerability in node-forge versions through 1.3.1 enables unauthenticated attackers to craft ASN.1 structures... Attack Vector: NETWORK Attack Complexity: LOW ID: MRTdC7I3WibeRUabPbz3b3%2B8Jl7GNxqdeeBln34dRjA%3D Vulnerable Package
	CVE-2025-31125	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: Vite is a frontend tooling framework for javascript. Vite exposes the content of non-allowed files using `?inline&import` or `?raw?import`. Only ap... Attack Vector: NETWORK Attack Complexity: LOW ID: 90LBqQxxWFDSZ7AHaX816x2CTbIopAWW3SlF8lit5ks%3D Vulnerable Package
	CVE-2025-58754	Npm-axios-1.8.4	details Recommended version: 1.12.0 Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.12.0 runs on Node.js and is given a URL with the "d... Attack Vector: NETWORK Attack Complexity: LOW ID: mc7oDd%2F7omqV0Hg45495LBQSzz317XAu77AvmHimutM%3D Vulnerable Package
	CVE-2025-64756	Npm-glob-10.4.5	details Recommended version: 10.5.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH ID: Lw8MHagQmRGYMGIh2pkWsOKCaqACct%2FcngeiNfU5Q%2F8%3D Vulnerable Package
	CVE-2025-66031	Npm-node-forge-1.3.1	details Recommended version: 1.3.2 Description: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in n... Attack Vector: NETWORK Attack Complexity: LOW ID: %2BMoaEG5mklrgNXimo4aaq1WEpKzvXVGXzvj25%2BgGWxU%3D Vulnerable Package
	CVE-2025-66035	Npm-@angular/common-19.2.0	details Recommended version: 19.2.16 Description: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versio... Attack Vector: NETWORK Attack Complexity: LOW ID: IIZxhR2AlTvd2nB%2Ba%2FiYVU8g4JqwheCB9ZFstOdq128%3D Vulnerable Package
	CVE-2025-66412	Npm-@angular/compiler-19.2.0	details Recommended version: 19.2.17 Description: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. In versions pri... Attack Vector: NETWORK Attack Complexity: LOW ID: ALUfXHgYQ315sOla6mHLKrEN8xmJZvYk8C%2FhjMoHShI%3D Vulnerable Package
	CVE-2025-27789	Npm-@babel/helpers-7.26.9	details Recommended version: 7.26.10 Description: Babel is a compiler for writing next-generation JavaScript. In affected versions of Babel, to compile regular expressions named capturing groups, B... Attack Vector: LOCAL Attack Complexity: LOW ID: L2S%2B4Mo9bawpTRoEma11vN1NkfWfW0oYu9UhwMyDjWI%3D Vulnerable Package
	CVE-2025-30208	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: Vite, a provider of frontend development tooling, has a vulnerability in versions through 4.5.9, 5.0.0 through 5.4.14, 6.0.0 through 6.0.11, 6.1.0 ... Attack Vector: NETWORK Attack Complexity: HIGH ID: Df%2F600KCoa8rEZXBijSgVKbx0MMAfKY9KGaJIDodNMc%3D Vulnerable Package
	CVE-2025-30359	Npm-webpack-dev-server-5.2.0	details Recommended version: 5.2.1 Description: The webpack-dev-server allows users to use webpack with a development server that provides live reloading. The webpack-dev-server users' source cod... Attack Vector: NETWORK Attack Complexity: HIGH ID: 6r5LaWo9vPxE1rBuYXkZpP%2FjwQfGkwO%2FUtcFbOdApmU%3D Vulnerable Package
	CVE-2025-30360	Npm-webpack-dev-server-5.2.0	details Recommended version: 5.2.1 Description: Webpack-dev-server allows users to use webpack with a development server that provides live reloading. Webpack-dev-server users' source code may b... Attack Vector: NETWORK Attack Complexity: LOW ID: r1THm1Shb7eHGNukrXRk%2BaffUwEJOa9c3K6UI9uK5P8%3D Vulnerable Package
	CVE-2025-31486	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: A vulnerability in Vite allows the contents of arbitrary files to be returned to the browser. By appending "?.svg" along with "?.wasm?init" or sett... Attack Vector: NETWORK Attack Complexity: HIGH ID: 10fnn2kZbrhekJ6S4va4GGFMJ7L9XAEWgaVP9Myc%2FFg%3D Vulnerable Package
	CVE-2025-32395	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser if the dev server is running on... Attack Vector: NETWORK Attack Complexity: LOW ID: YnXFJAvuALyOA%2F5wN20l2XFwus7eGfLikNNgGrCFzO4%3D Vulnerable Package
	CVE-2025-32996	Npm-http-proxy-middleware-2.0.7	details Recommended version: 2.0.9 Description: In http-proxy-middleware v1.3.0 through v2.0.7 and v3.x through v3.0.3, "writeBody" function can be called twice because "else if" is not used. Attack Vector: NETWORK Attack Complexity: LOW ID: 31z%2FPIUPdMZkEU%2BCwYk0K%2FGGnh%2FAOFHk1l8wZNH46Og%3D Vulnerable Package
	CVE-2025-32996	Npm-http-proxy-middleware-3.0.3	details Recommended version: 3.0.5 Description: In http-proxy-middleware v1.3.0 through v2.0.7 and v3.x through v3.0.3, "writeBody" function can be called twice because "else if" is not used. Attack Vector: NETWORK Attack Complexity: LOW ID: Wed0REDySaw%2Bnm4qCw9mXCQ1fv3iNJV8aPCHo3Db%2Bks%3D Vulnerable Package
	CVE-2025-32997	Npm-http-proxy-middleware-3.0.3	details Recommended version: 3.0.5 Description: In http-proxy-middleware versions 1.3.0 through 2.0.8 and 3.x through 3.0.4, the "fixRequestBody" function proceeds even if "bodyParser" has failed. Attack Vector: NETWORK Attack Complexity: LOW ID: U6yhFS9stskwtQMXZ3lxCsOztRKNWvf9BIOUqMa3NnM%3D Vulnerable Package
	CVE-2025-32997	Npm-http-proxy-middleware-2.0.7	details Recommended version: 2.0.9 Description: In http-proxy-middleware versions 1.3.0 through 2.0.8 and 3.x through 3.0.4, the "fixRequestBody" function proceeds even if "bodyParser" has failed. Attack Vector: NETWORK Attack Complexity: LOW ID: yaxWasKCl83%2FqbtGuYtmozTzTmL603%2BrfIl3wLL9WIQ%3D Vulnerable Package
	CVE-2025-46565	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: Vite is a frontend tooling framework for javascript. In vite package versions through 4.5.13, 5.0.0-beta.0 through 5.4.18, 6.0.0-alpha.0 through 6.... Attack Vector: NETWORK Attack Complexity: LOW ID: 7rK3F7kG152MKNxSYuzhZ7ppUS0nmd9XUD064%2FlCzYg%3D Vulnerable Package
	CVE-2025-54798	Npm-tmp-0.0.33	details Recommended version: 0.2.4 Description: tmp is a temporary file and directory creator for node.js. In versions prior to 0.2.4, tmp is vulnerable to an arbitrary temporary file "/" directo... Attack Vector: NETWORK Attack Complexity: LOW ID: 1wy7Ay%2F5D0M16k4xC0JnHkvBnesghOXLun0GdZChCVw%3D Vulnerable Package
	CVE-2025-54798	Npm-tmp-0.2.3	details Recommended version: 0.2.4 Description: tmp is a temporary file and directory creator for node.js. In versions prior to 0.2.4, tmp is vulnerable to an arbitrary temporary file "/" directo... Attack Vector: NETWORK Attack Complexity: LOW ID: y%2B3LwmQB30TUe7cSzckwxri3FKmxqht%2B%2FVlC4ZmyaHs%3D Vulnerable Package
	CVE-2025-62522	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: Vite is a frontend tooling framework for JavaScript. In versions 2.9.18 prior to 3.0.0, 3.2.9 prior to 4.0.0, 4.5.3 prior to 5.0.0, 5.2.6 prior to ... Attack Vector: NETWORK Attack Complexity: LOW ID: jUTStSwY%2F6z8QgUw5dOsMuwTUBo2PeTKGplXG2y5WIQ%3D Vulnerable Package
	CVE-2025-64718	Npm-js-yaml-4.1.0	details Recommended version: 4.1.1 Description: js-yaml is a JavaScript YAML parser and dumper. In js-yaml versions through 3.14.1 and 4.x through 4.1.0, it's possible for an attacker to modify t... Attack Vector: NETWORK Attack Complexity: LOW ID: uuvbQiQph4CiAeTAUKFtF2LdvnjNnTgJ1WL28ntOzgM%3D Vulnerable Package
	CVE-2025-66030	Npm-node-forge-1.3.1	details Recommended version: 1.3.2 Description: Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-fo... Attack Vector: NETWORK Attack Complexity: LOW ID: 1SkIxe5n9e1gKERLUKVKjDUGwyaxMzJeMflbjwFpBuc%3D Vulnerable Package
	CVE-2025-58751	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the ... Attack Vector: NETWORK Attack Complexity: LOW ID: U%2FqzSfHmtuC8H929M8IDkgWQJOAAlG%2FWttDQyza5kvo%3D Vulnerable Package
	CVE-2025-58752	Npm-vite-6.2.0	details Recommended version: 6.4.1 Description: Vite is a frontend tooling framework for JavaScript. In Vite versions through 5.4.19, 6.x through 6.3.5, 7.0.x through 7.0.6 and 7.1.x through 7.1.... Attack Vector: NETWORK Attack Complexity: LOW ID: 1InGcGdP5xJjescdENNM4Aflz4Ob5a42ohjjaq8zHro%3D Vulnerable Package
	CVE-2025-5889	Npm-brace-expansion-2.0.1	details Recommended version: 2.0.2 Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the... Attack Vector: NETWORK Attack Complexity: HIGH ID: ikweGqYrqVXz7wbd756fkTIncCGwhd5lgtAXkXKVr4A%3D Vulnerable Package
	CVE-2025-5889	Npm-brace-expansion-1.1.11	details Recommended version: 1.1.12 Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the... Attack Vector: NETWORK Attack Complexity: HIGH ID: kVUx5Xy9VGzlUqB9Ag1LnEgOUkkgv1CWqBwXskmxTEw%3D Vulnerable Package
	CVE-2025-7339	Npm-on-headers-1.0.2	details Recommended version: 1.1.0 Description: The on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions prior to 1.1.0 may result in r... Attack Vector: LOCAL Attack Complexity: LOW ID: RoeqAPPnbdqlxC8g%2BbOEf6biNlFaCkHFMytu%2BOlIIkE%3D Vulnerable Package

Fixed Issues (57)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 213
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 212
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 213
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 213
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 279
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 228
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 245
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 279
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 245
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 262
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 228
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 280
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 279
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 245
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 246
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 229
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 228
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 262
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 263
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 262
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 115
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 104
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 157
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 132
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 212
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 203
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 192
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 145
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 157
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 144
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 116
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 104
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 132
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 132
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/OperationController.java: 117
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 171
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 170
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 190
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 295
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 305
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 315
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 189
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 190
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 191
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 305
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 95
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 171
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 96
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 171
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 127
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 95
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 156
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 97
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 128
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 192
	Log_Forging	/api/api-collect/collect/src/main/java/fr/gouv/vitamui/collect/server/rest/ProjectController.java: 190
	Missing_CSP_Header	/ui/ui-frontend/projects/vitamui-library/src/app/modules/components/header/menu/menu.component.html: 23

---

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

[marob]

Les espacements du Figma ne sont pas respectés.
Il manque des bordures.

Il reste beaucoup de modifications à faire pour rendre le composant propre et iso-Figma. Ytiliser (et créer si besoin) les composants du DS.

[marob]

Le bg rouge dépasse les bords arrondis

[marob]

@Salimdev À mon avis, il faut bloquer ce ticket et reprendre les choses dans l'ordre : on transforme en US, on planifie sur un prochain Sprint, en traitant la partie Figma avant la partie dev.

Validé avec avant de partir en vacances!