Описание
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitation of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation.
Дополнительная информация
Статус:
7.1 High
CVSS3
Связанные уязвимости
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
There is a vulnerability in all angular versions before 1.5.0-beta.0, ...
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
7.1 High
CVSS3