foretagsinfo-mcp

by isakskogstad

Overview

Provides an MCP server for accessing Swedish company information, financial data, and annual reports via Bolagsverket API and a Supabase cache.

Installation

Run Command
npm run start:http

Environment Variables

  • BOLAGSVERKET_CLIENT_ID
  • BOLAGSVERKET_CLIENT_SECRET
  • SUPABASE_URL
  • SUPABASE_SERVICE_ROLE_KEY

Security Notes

The source code provided for `src/utils/validators.ts` contains an XSS vulnerability in the `.refine` method of `SearchQuerySchema`. The check `/<script|javascript:|onerror=|onclick=/i.test(val)` is insufficient to block several common XSS attack vectors, including onload/onfocus events, SVG, iframe, and eval patterns. `REMEDIATION-GUIDE.md` explicitly identifies and remediates this issue, but the fix is not reflected in the main `src/utils/validators.ts` file.

SQL injection prevention is robust for common payloads. No hardcoded secrets were found, and environment variables are used for credentials. The `import-parquet.ts` script uses `child_process.spawn` to execute a dynamically generated Python script, which poses a potential code execution risk, although the inputs are currently static and controlled.

The overall score is lowered significantly due to the unpatched XSS vulnerability.

Stats

Interest Score: 0
Security Score: 5
Cost Class: Medium
Stars: 0
Forks: 0
Last Update: 2025-12-02

Tags

sweden, company-data, annual-reports, financial-data, mcp-server