Vulnerability Details CVE-2022-25869
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.4%
CVSS Severity
CVSS v3 Score 4.2
References
- https://glitch.com/edit/%23%21/angular-repro-textarea-xss
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
- https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781
- https://glitch.com/edit/%23%21/angular-repro-textarea-xss
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
- https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781
Products affected by CVE-2022-25869
-
cpe:2.3:a:angularjs:angular:-
-
cpe:2.3:a:angularjs:angular:1.7.0
-
cpe:2.3:a:angularjs:angular:1.7.1
-
cpe:2.3:a:angularjs:angular:1.7.2
-
cpe:2.3:a:angularjs:angular:1.7.3
-
cpe:2.3:a:angularjs:angular:1.7.4
-
cpe:2.3:a:angularjs:angular:1.7.5
-
cpe:2.3:a:angularjs:angular:1.7.6
-
cpe:2.3:a:angularjs:angular:1.7.7
-
cpe:2.3:a:angularjs:angular:1.7.8
-
cpe:2.3:a:angularjs:angular:1.7.9
-
cpe:2.3:a:angularjs:angular:1.8.0
-
cpe:2.3:a:angularjs:angular:1.8.1
-
cpe:2.3:a:angularjs:angular:1.8.2
-
cpe:2.3:a:angularjs:angular:1.8.3