Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-4231

Опубликовано: 26 мая 2022
Источник: nvd
CVSS3: 3.5
CVSS3: 5.4
CVSS2: 3.5
EPSS Низкий

Описание

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:angular:angular:11.1.0:next0:*:*:*:*:*:*
cpe:2.3:a:angular:angular:11.1.0:next1:*:*:*:*:*:*
cpe:2.3:a:angular:angular:11.1.0:next2:*:*:*:*:*:*
cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*
Версия до 11.0.5 (исключая)

EPSS

Процентиль: 80%
0.01341
Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79

Связанные уязвимости

redhat логотип

CVE-2021-4231

CVSS3: 3.9
redhat
около 5 лет назад

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

github логотип

GHSA-c75v-2vq8-878f

CVSS3: 5.4
github
больше 3 лет назад

Angular vulnerable to Cross-site Scripting

EPSS

Процентиль: 80%
0.01341
Низкий

3.5 Low

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79