Описание
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 1.8.0-1 |
| eoan | ignored | end of life |
| esm-apps/focal | needed | |
| esm-apps/jammy | not-affected | 1.8.0-1 |
| esm-apps/noble | not-affected | 1.8.0-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | needed | |
| esm-infra/xenial | needed | |
| focal | ignored | end of standard support, was needed |
Показывать по
EPSS
3.5 Low
CVSS2
5.4 Medium
CVSS3
Связанные уязвимости
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...
EPSS
3.5 Low
CVSS2
5.4 Medium
CVSS3