Lucene search
UnknownNODEJS:1453HistoryJan 10, 2020 - 8:46 p.m.
Cross-Site Scripting
2020-01-1020:46:03
Unknown
www.npmjs.com
76
0.001 Low
EPSS
Percentile
29.3%
Overview
Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim’s browser if the value is user-controlled.
Recommendation
Upgrade to version 1.5.0-beta.1 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| angular | lt | 1.5.0-beta.1 |
Related
osv
osv
angular.js - security update
2019-11-18 00:00:00
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
2020-02-14 23:08:49
CVE-2019-14863
2020-01-02 15:15:12
cve
cve
CVE-2019-14863
2020-01-02 15:15:12
cvelist
cvelist
CVE-2019-14863
2020-01-02 14:20:50
redhatcve
redhatcve
CVE-2019-14863
2019-10-21 13:21:25
ubuntucve
ubuntucve
CVE-2019-14863
2020-01-02 00:00:00
nvd
nvd
CVE-2019-14863
2020-01-02 15:15:12
prion
prion
Design/Logic Flaw
2020-01-02 15:15:00
github
github
openvas
openvas
Debian: Security Advisory (DLA-1995-1)
2019-11-26 00:00:00
nessus
nessus
Debian DLA-1995-1 : angular.js security update
2019-11-20 00:00:00
debiancve
debiancve
CVE-2019-14863
2020-01-02 15:15:12
debian
debian
[SECURITY] [DLA 1995-1] angular.js security update
2019-11-18 07:14:29
redhat
redhat
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by multiple AngularJS vulnerabilities
2021-08-13 22:11:10
Security Bulletin: Multiple vulnerabilities in AngularJS
2021-08-16 15:43:07