Description
This web application is vulnerable to AngularJS client-side template injection vulnerability. AngularJS client-side template injection vulnerabilities occur when user-input is dynamically embedded on a page where AngularJS client-side templating is used. By using curly braces it's possible to inject AngularJS expressions in the AngularJS client-side template that is being used by the application.These expressions will be evaluated on the client-side by AngularJS and when combined with a sandbox escape they allow an attacker to execute arbitrary JavaScript code.
Remediation
It should not be possible for an attacker to inject AngularJS expressions by using curly braces. The application needs to either treat curly braces in user input as highly dangerous or avoid server-side reflection of user input entirely.
References
AngularJS security features and best practices
XSS without HTML: Client-Side Template Injection with AngularJS
Related Vulnerabilities
WordPress Plugin Google +1 by BestWebSoft Cross-Site Scripting (1.3.3)
Clickjacking: X-Frame-Options header
WordPress Plugin WP Idea Stream Cross-Site Scripting (2.1.1)
WordPress Plugin Hostel Cross-Site Scripting (1.1.3)
WordPress Plugin HubSpot All-In-One Marketing-Forms, Popups, Live Chat Cross-Site Scripting (7.5.5)