Versions of angular
prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href
attributes, which may allow attackers to execute arbitrary JavaScript in a victim’s browser if the value is user-controlled.
Upgrade to version 1.5.0-beta.1 or later.
CPE | Name | Operator | Version |
---|---|---|---|
angular | lt | 1.5.0-beta.1 |