Skip to content

Cross site scripting in Angular

Moderate severity GitHub Reviewed Published Jun 18, 2020 to the GitHub Advisory Database • Updated Sep 8, 2023

Package

npm angular (npm)

Affected versions

< 1.8.0

Patched versions

1.8.0

Description

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping <option> elements in <select> ones changes parsing behavior, leading to possibly unsanitizing code.

References

Reviewed Jun 18, 2020
Published to the GitHub Advisory Database Jun 18, 2020
Last updated Sep 8, 2023

Severity

Moderate
5.4
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CVE ID

CVE-2020-7676

GHSA ID

GHSA-mhp6-pxh8-r675

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.