Описание
Angular (deprecated package) Cross-site Scripting
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-25869
- https://glitch.com/edit/%23%21/angular-repro-textarea-xss
- https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869
- https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617
- https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
- https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781
Пакеты
angular
<= 1.8.3
Отсутствует
Связанные уязвимости
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
All versions of the package angular; all versions of the package angul ...
Уязвимость среды проектирования приложений и платформы разработки одностраничных приложений Аngular, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)