Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-7676

Опубликовано: 19 мая 2020
Источник: redhat
CVSS3: 5.4
EPSS Низкий

Описание

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code.A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

Отчет

Quay does not contain the affected component usage.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 1servicemesh-grafanaWill not fix
Red Hat AMQ Broker 7angularjsAffected
Red Hat Decision Manager 7angularOut of support scope
Red Hat Fuse 7angularjsAffected
Red Hat OpenShift Container Platform 3.11kibanaWill not fix
Red Hat OpenShift Container Platform 3.11openshift3/grafanaWill not fix
Red Hat OpenShift Container Platform 4kibanaWill not fix
Red Hat OpenShift Container Platform 4logging-kibana5-containerWill not fix
Red Hat OpenShift Container Platform 4openshift4/ose-grafanaWill not fix
Red Hat OpenShift Container Platform 4openshift4/ose-logging-kibana6Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1849206nodejs-angular: XSS due to regex-based HTML replacement

EPSS

Процентиль: 68%
0.00563
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-7676

CVSS3: 5.4
ubuntu
больше 5 лет назад

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

nvd логотип

CVE-2020-7676

CVSS3: 5.4
nvd
больше 5 лет назад

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

debian логотип

CVE-2020-7676

CVSS3: 5.4
debian
больше 5 лет назад

angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...

github логотип

GHSA-mhp6-pxh8-r675

CVSS3: 5.4
github
больше 5 лет назад

Angular vulnerable to Cross-site Scripting

EPSS

Процентиль: 68%
0.00563
Низкий

5.4 Medium

CVSS3