Angularjs » Angular.js : Security Vulnerabilities, CVEs,

CVE-2020-7676

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
Max CVSS
5.4
EPSS Score
0.16%
Published
2020-06-08
Updated
2020-10-09

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Max CVSS
7.1
EPSS Score
0.07%
Published
2020-01-02
Updated
2020-01-09

CVE-2019-10768

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
Max CVSS
7.5
EPSS Score
0.12%
Published
2019-11-19
Updated
2022-12-02
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close