AngularJS - XSS vulnerability on versions under 1.8.0, via JQLite DOM manipulation functions.
Impact area
Security
Severity
High
Affected element
ServiceNow: UI Script
Salesforce: Static Resource
Rule number
SN-JSL-ANGULARJS-LESSTHAN-V180-JQL (for ServiceNow)
SF-JSL-ANGULARJS-LESSTHAN-V180-JQL (for Salesforce)
Impact
XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods such as JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, new JQLite and angular.element.
Remediation
Update AngularJS to the latest version.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
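One way to check a UI Script or Static Resource for the condition described under Impact, as an added example that is not the rule's own implementation: it reads the AngularJS version from the license banner, compares it with 1.8.0, and lists calls to the JQLite methods named above so they can be reviewed before and after the update. The function names and sample strings are constructed for illustration, and the check assumes the bundle still carries its "AngularJS vX.Y.Z" banner.

```javascript
// Added example. Assumes the bundle keeps its "AngularJS vX.Y.Z" license banner.
const FIXED = [1, 8, 0];
const BANNER = /AngularJS v(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/;
// The jqLite entry points named under "Impact".
const SINKS = /\b(?:angular\.element|new\s+JQLite)\s*\(|\.(?:prepend|after|append|replaceWith)\s*\(/g;

// Constructed sample inputs (not taken from a real instance).
const SAMPLE_BUNDLE = "/* AngularJS v1.7.9 (constructed banner) */\n(function(){})();";
const SAMPLE_APP = [
  "var el = angular.element(cleanHtml);",
  "container.append(cleanHtml);",
  "node.appendChild(other); // DOM API, not a jqLite sink",
].join("\n");

function angularVersion(source) {
  const m = BANNER.exec(source);
  if (!m) return null;
  return { parts: [1, 2, 3].map((i) => Number(m[i])), pre: Boolean(m[4]) };
}

function isBelowFixed(v) {
  for (let i = 0; i < 3; i++) {
    if (v.parts[i] !== FIXED[i]) return v.parts[i] < FIXED[i];
  }
  return v.pre; // semver ordering: a pre-release of 1.8.0 sorts before 1.8.0
}

function findSinks(appSource) {
  const hits = [];
  appSource.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(SINKS)) {
      hits.push({ line: i + 1, call: m[0].replace(/\s*\($/, "") });
    }
  });
  return hits;
}

function audit(bundleSource, appSource) {
  const v = angularVersion(bundleSource);
  if (!v) return { status: "unknown", sinks: [] }; // banner stripped: check by hand
  if (!isBelowFixed(v)) return { status: "ok", sinks: [] };
  return { status: "affected", version: v.parts.join("."), sinks: findSinks(appSource) };
}

console.log(JSON.stringify(audit(SAMPLE_BUNDLE, SAMPLE_APP), null, 2));
```

The listed calls are candidates for review only: a method-name match does not prove the receiver is a JQLite object, and a bundle with its banner removed is reported as "unknown" rather than safe.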