Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Directly inserting user input into DOM elements using angular.element methods like .html(), .append(), or .prepend() without proper sanitization or encoding can introduce cross-site scripting (XSS) risks. Untrusted data should always be sanitized or encoded before being rendered as HTML.
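The unsafe pattern beside two hardened forms, as an added example that is not part of this rule page or of AngularJS itself. It assumes a controller that receives an untrusted `comment` string, and uses a constructed stand-in for the `angular.element` (jqLite) wrapper so it runs without a browser.

```javascript
// Constructed sample input: what an attacker-controlled comment field might carry.
const UNTRUSTED = '<img src=x onerror="alert(1)">hello';

// HTML-encode the characters that change meaning inside element bodies and
// quoted attribute values; this is what ng-bind / .text() do for you.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Minimal stand-in for the angular.element (jqLite) wrapper so the example runs
// offline: it records the markup that would be handed to the DOM.
// Constructed for this example; it is not the AngularJS implementation.
function fakeElement() {
  let markup = '';
  return {
    html(s) { markup = String(s); return this; },       // parsed as HTML
    append(s) { markup += String(s); return this; },    // also parsed as HTML
    text(s) { markup = escapeHtml(s); return this; },   // never parsed as HTML
    rendered() { return markup; },
  };
}

// VULNERABLE: the untrusted string is concatenated into markup and .html() parses
// it, so the <img onerror> from the input becomes a live element with a handler.
function renderCommentUnsafe(el, comment) {
  return el.html('<p class="comment">' + comment + '</p>').rendered();
}

// FIXED (a): encode the value before it reaches .html() / .append() / .prepend().
function renderCommentEncoded(el, comment) {
  return el.append('<p class="comment">' + escapeHtml(comment) + '</p>').rendered();
}

// FIXED (b): use .text() (or ng-bind in the template) so the value is data, not
// markup. If rich HTML is genuinely required, run it through $sanitize from
// ngSanitize and bind it with ng-bind-html instead of calling .html() directly.
function renderCommentText(el, comment) {
  return el.text(comment).rendered();
}

// Unit-test style check: did a tag carrying an event-handler attribute survive
// into the rendered markup unencoded?
function leaksInputMarkup(rendered) {
  return /<\s*[a-z][^>]*\bon[a-z]+\s*=/i.test(rendered);
}
```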
Impact
If exploited, attackers could inject malicious scripts into your application’s pages, allowing them to steal user data, hijack sessions, or deface the site. This can lead to data breaches, compromised user accounts, and loss of trust in your application.