AngularJS – XSS vulnerability Using AngularJS Under 1.6.5 In Firefox And Safari – Sanitize On Inert Documents

< 1 min read

Impact Area

Security

Severity

High

Affected Element

ServiceNow

UI Script

Salesforce

Static Resource

Rule number #

SN-JSL-006 (for ServiceNow)

SF-JSL-008 (for Salesforce)

Impact #

Both Firefox and Safari are vulnerable to XSS injection if the $sanitize function uses an inert document created via “document.implementation.createHTMLDocument()“.

Remediation #

Update AngularJS to the latest version.

Time to fix #

30 min

References #

This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).

Updated on March 21, 2025

Table of contents

Rule number
Impact
Remediation
- Time to fix
References

Was it helpful ?

Happy
Normal
Sad

Get Started

Quality Clouds For ServiceNow

Quality Clouds For Salesforce

Quality Clouds For Office 365

AngularJS – XSS vulnerability Using AngularJS Under 1.6.5 In Firefox And Safari – Sanitize On Inert Documents

Rule number #

Impact #

Remediation #

Time to fix #

References #

Was it helpful ?

AngularJS – XSS vulnerability Using AngularJS Under 1.6.5 In Firefox And Safari – Sanitize On Inert Documents

Rule number #

Impact #

Remediation #

Time to fix #

References #

Share This Article :

Was it helpful ?