Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
Using angular.element to insert user-controlled input directly into HTML elements without proper encoding or sanitization can allow attackers to inject malicious scripts. This creates a risk of cross-site scripting (XSS) vulnerabilities in your AngularJS application.
Impact#
If exploited, an attacker could execute arbitrary JavaScript in the victim’s browser, leading to data theft, session hijacking, or defacement of your application. This can compromise user accounts, expose sensitive information, and damage your organization’s reputation.