AngularJS - XSS vulnerability through the attribute "usemap" from 1.3.0 to 1.5.0-rc2

Rule number

SN-JSL-005 (for ServiceNow)

SF-JSL-004 (for Salesforce)

Impact

The "usemap" attribute is used to reference another element by name or id. Since the name and id attributes are already blacklisted, a sanitized usemap attribute could only reference unsanitized content, which is a security risk.

Remediation

Update AngularJS to the latest version.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').