A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
CPE | Name | Operator | Version |
---|---|---|---|
@angular/core | lt | 11.0.5 | |
@angular/core | lt | 11.1.0-next.3 | |
@angular/core | lt | 10.2.5 | |
@angular/core | ge | 11.1.0-next.0 | |
@angular/core | ge | 11.0.0 |
github.com/angular/angular
github.com/angular/angular/commit/0aa220bc0000fc4d1651ec388975bbf5baa1da36
github.com/angular/angular/commit/47d9b6d72dab9d60c96bc1c3604219f6385649ea
github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09
github.com/angular/angular/issues/40136
nvd.nist.gov/vuln/detail/CVE-2021-4231
security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
vuldb.com/?id.181356