إرسال #18901: Cross-site Scripting (XSS) in Angular versions <11.0.5 || >=11.1.0-next.0 <11.1.0-next.3المعلومات

عنوانCross-site Scripting (XSS) in Angular versions <11.0.5 || >=11.1.0-next.0 <11.1.0-next.3
الوصفAffected versions of this package are vulnerable to Cross-site Scripting (XSS) in development, with SSR enabled. A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source. ... If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted. ... Disclosed: 2021-01-22 Published: 2021-02-10 Fixed: 2021-03-18 Patch information: https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09 and https://github.com/angular/angular/pull/40525
المصدر⚠️ https://snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902
المستخدم
 misc (UID 3)
ارسال24/08/2021 07:49 AM (5 سنوات منذ)
الاعتدال24/08/2021 07:52 AM (3 minutes later)
الحالةتمت الموافقة
إدخال VulDB181356 [Angular حتى 11.0.4/11.1.0-next.2 على npm Comment البرمجة عبر المواقع]
النقاط20

Want to know what is going to be exploited?

We predict KEV entries!