CVE-2022-25869

Medium CVSS 4.2

Overview

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

CWE: CWE-79 Published: 2022-07-15T20:15:08.487

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.2 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags