Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Property
Language
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description#

Assigning user-controlled input directly to $window.location.href in Angular can allow attackers to redirect users to malicious websites. This makes it possible for attackers to exploit your application’s navigation logic.

Impact#

If exploited, attackers could trick users into visiting phishing or malicious sites, potentially stealing sensitive information or credentials. This can damage user trust, facilitate social engineering attacks, and expose your organization to legal and reputational risks.

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Description#

Impact#