AngularJS-based server-side expression injection vulnerabilities. These vulnerabilities arise when client-side Angular templates are dynamically generated on the server from user input. Angular treats these templates as trusted and therefore evaluates any expression they contain.
Server-side injection into AngularJS interpolation template
Interpolation symbols, by default {{}}, are replaced with [[]].
The parameter is reflected into the page as-is; no server-side filtering is performed apart from '<' and '>'.
The POST parameter is reflected into the page as-is; no server-side filtering is performed apart from '<' and '>'.
The parameter is reflected into the page, with the default interpolation symbols properly escaped with backslashes. However, the equivalent HTML entities are not escaped, so AngularJS can still execute the payload.
The parameter is reflected into the page, with alternate interpolation symbols properly escaped with backslashes. However, the equivalent HTML entities are not escaped, so AngularJS can still execute the payload.
Server-side injection into an ng-attribute
Server-side injection into interpolation template within a regular attribute
Server-side injection into a regular attribute
Injection into $parse via a client-side form processing function.
Injection into $parse via a cookie value.
Injection into $parse via a localStorage value.
Injection into $parse via a postMessage value.