Client-side template injection vulnerabilities arise when applications using a client-side template framework dynamically embed user input in web pages. When rendering a page, the framework scans it for template expressions and executes any that it encounters. An attacker can exploit this by supplying a malicious template expression that launches a Cross Site Scripting (XSS) attack.
- Should be in WSTG-INPV or WSTG-CLNT
- Cross-site scripting (XSS) cheat sheet (Client-side template injection, PortSwigger)
- XSS without HTML: Client-Side Template Injection with AngularJS
- Template Injection Attacks – Bypassing Security Controls by Living off the Land (SANS)
See Angular / AngularJS.