CVE-2022-25869

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Published: Jul 15, 2022
Updated: May 9, 2024
CVE: CVE-2022-25869
GHSA: GHSA-prc3-vjfx-vhm9
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
angularjs / angular	-	-
@schematics / angular	-	1.8.3.x

https://glitch.com/edit/%23%21/angular-repro-textarea-xss
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781

Vulnerability Database

289,599

CVE-2022-25869