@angular/core is vulnerable to cross-site scripting. The vulnerability exists in few methods due to not escaping the comment text which allows an attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
@angular/core | le | 11.0.4 | |
@angular/core | le | 11.1.0-next.2 | |
@angular/core | le | 11.0.4 | |
@angular/core | le | 11.1.0-next.2 |