AngularJS - XSS vulnerability on versions under 1.8.0, via JQLite DOM manipulation functions.

Impact area

Security

Severity

High

Affected element

ServiceNow

UI Script

Salesforce

Static Resource

Rule number

SN-JSL-ANGULARJS-LESSTHAN-V180-JQL (for ServiceNow)

SF-JSL-ANGULARJS-LESSTHAN-V180-JQL (for Salesforce)

Impact

XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods such as JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, new JQLite and angular.element.
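As an added example that is not part of this rule page or the vendor's own checker, a small Python triage script that flags an AngularJS bundle below 1.8.0 from its version banner and lists which of the JQLite calls named above a UI Script or Static Resource makes; the banner format and the sample inputs are assumptions.

```python
import re
from typing import List, Optional, Tuple

# Assumption: shipped AngularJS files start with a banner such as
# "@license AngularJS v1.7.9"; the rule's threshold is 1.8.0.
BANNER_RE = re.compile(r"@license\s+AngularJS\s+v(\d+)\.(\d+)\.(\d+)")
FIXED_VERSION = (1, 8, 0)

# JQLite entry points named in the rule's Impact section.
AFFECTED_CALLS = {
    "prepend": r"\.prepend\s*\(",
    "after": r"\.after\s*\(",
    "append": r"\.append\s*\(",
    "replaceWith": r"\.replaceWith\s*\(",
    "angular.element": r"\bangular\.element\s*\(",
    "new JQLite": r"\bnew\s+JQLite\s*\(",
}


def angular_version(source: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from the AngularJS banner, or None if absent."""
    m = BANNER_RE.search(source)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable_bundle(source: str) -> bool:
    """True when the file is an AngularJS bundle older than 1.8.0."""
    version = angular_version(source)
    return version is not None and version < FIXED_VERSION


def affected_jqlite_calls(source: str) -> List[str]:
    """Sorted names of the affected JQLite calls found in a script."""
    return sorted(name for name, pat in AFFECTED_CALLS.items() if re.search(pat, source))


# Constructed sample inputs (not real bundles or customer scripts).
OLD_BUNDLE = "/**\n * @license AngularJS v1.7.9\n * (c) 2010-2018 Google, Inc.\n */\n"
FIXED_BUNDLE = "/**\n * @license AngularJS v1.8.0\n * (c) 2010-2020 Google, Inc.\n */\n"
UI_SCRIPT = "var el = angular.element(container);\nel.append(sanitizedHtml);\n"

if __name__ == "__main__":
    for label, src in [("old", OLD_BUNDLE), ("fixed", FIXED_BUNDLE)]:
        print(label, angular_version(src), "vulnerable:", is_vulnerable_bundle(src))
    print("affected calls in UI script:", affected_jqlite_calls(UI_SCRIPT))
```

A bundle with no banner returns None and is not flagged, so files that strip the license header need a separate check.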

Remediation

Update AngularJS to the latest version.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

Last modified on Sep 6, 2021