CVE-2022-25869

Sažetak

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Reference

https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869
https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617
https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
https://glitch.com/edit/%23%21/angular-repro-textarea-xss
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781

CVSS

Base:	4.2
Impact:	2.5
Exploitability:	1.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

20-11-2025 - 17:53

Objavljeno

15-07-2022 - 20:15