AngularJS - XSS vulnerability using AngularJS under 1.6.9 with Firefox

Rule number

SN-JSL-004 (for ServiceNow)

SF-JSL-004 (for Salesforce)

Impact

An XSS Vulnerability exists when using AngularJS versions under 1.6.9 with the Firefox browser. A malicious attacker can write into the "xml:base" attribute on an SVG anchor, introducing arbitrary code.

Remediation

Update angular.js to the latest version.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').