Symptom
Scenario:
If the SonarQube Security Hotspots is used for scanning the application code, the vulnerability is detected in :
modules/smartedit/smartedit/apps/smartedit-commons/src/services/theme/ThemesService.ts
What is the risk?
Angular prevents XSS vulnerabilities by treating all values as untrusted by default. Untrusted values are systematically sanitized by the framework before they are inserted into the DOM.
Still, developers have the ability to manually mark a value as trusted if they are sure that the value is already sanitized. Accidentally trusting malicious data will introduce an XSS vulnerability in the application and enable a wide range of serious attacks like accessing/modifying sensitive information or impersonating other users.
Read more...
Environment
SAP commerce 2205 or Higher
Product
Keywords
SAP commerce security, XSS Vulnerability, Angular DOM , KBA , CEC-SCC-COM-SEDIT , SmartEdit , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.