In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Cross-site Scripting (XSS) vulnerabilities in an interactive lesson.
Start learningUpgrade org.webjars.bower:angular
to version 1.5.0-rc.0 or higher.
org.webjars.bower:angular is a bower WebJar for angular.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS)
via the SVG <use>
element.
The <use>
element can reference external SVG's (same origin) and can include xlink:href
javascript urls or foreign object that can execute XSS. The change disallows <use>
elements in sanitized SVG markup.
An example of a malicious SVG document would be:
SVG to sanitize:
<svg><use xlink:href="test.svg#xss" /></svg>
External SVG file (test.svg):
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg" width="100"
height="100"
id="xss">
<a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)">
<circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" />
</a>
</svg>
Here the SVG to sanitize loads in the test.svg
file via the <use>
element. The sanitizer is not able to parse this file, which contains malicious executable mark-up.
This can only be taken advantage of if the external file is available via the
same origin restrictions in place.