AngularJS - XSS vulnerability through the attribute "usemap" from 1.3.0 to 1.5.0-rc2
Impact area
Security
Severity
High
Affected element
ServiceNow
UI Script
Salesforce
Static Resource
Rule number
SN-JSL-005 (for ServiceNow)
SF-JSL-004 (for Salesforce)
Impact
The "usemap" attribute is used to reference another element by name or id. Since the name and id attributes are already blacklisted, a sanitized usemap attribute could only reference unsanitized content, which is a security risk.
Remediation
Update AngularJS to the latest version.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').