Lucene search
GoogleOSV:GHSA-R5FX-8R73-V86CHistoryFeb 14, 2020 - 11:08 p.m.
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
2020-02-1423:08:49
Google
osv.dev
102
0.001 Low
EPSS
Percentile
29.3%
Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim’s browser if the value is user-controlled.
Recommendation
Upgrade to version 1.5.0-beta.1 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| angular | lt | 1.5.0-beta.1 |
References
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863
github.com/angular/angular.js
github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82
github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
github.com/angular/angular.js/pull/12524
nvd.nist.gov/vuln/detail/CVE-2019-14863
snyk.io/vuln/npm:angular:20150807
www.npmjs.com/advisories/1453
Related
osv
osv
angular.js - security update
2019-11-18 00:00:00
CVE-2019-14863
2020-01-02 15:15:12
cve
cve
CVE-2019-14863
2020-01-02 15:15:12
cvelist
cvelist
CVE-2019-14863
2020-01-02 14:20:50
redhatcve
redhatcve
CVE-2019-14863
2019-10-21 13:21:25
ubuntucve
ubuntucve
CVE-2019-14863
2020-01-02 00:00:00
nodejs
nodejs
Cross-Site Scripting
2020-01-10 20:46:03
nvd
nvd
CVE-2019-14863
2020-01-02 15:15:12
prion
prion
Design/Logic Flaw
2020-01-02 15:15:00
github
github
openvas
openvas
Debian: Security Advisory (DLA-1995-1)
2019-11-26 00:00:00
nessus
nessus
Debian DLA-1995-1 : angular.js security update
2019-11-20 00:00:00
debiancve
debiancve
CVE-2019-14863
2020-01-02 15:15:12
debian
debian
[SECURITY] [DLA 1995-1] angular.js security update
2019-11-18 07:14:29
redhat
redhat
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by multiple AngularJS vulnerabilities
2021-08-13 22:11:10
Security Bulletin: Multiple vulnerabilities in AngularJS
2021-08-16 15:43:07