Angular up to 11.0.4/11.1.0-next.2 on npm Application cross site scripting

Overview

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2 on npm (JavaScript Library). It has been classified as problematic. Affected is an unknown function of the component Application Handler. Upgrading to version 11.0.5 or 11.1.0-next.3 eliminates this vulnerability. Applying the patch also eliminates the problem. The bugfix is available for download at github.com.

Affected Product:

  • Type: JavaScript Library
  • Name: Angular

Manipulation with an unknown input leads to a cross site scripting vulnerability. This is going to have an impact on integrity. An attacker might be able to inject arbitrary HTML and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.

Exploitation is said to be difficult. It is possible to launch the attack remotely. Successful exploitation requires authentication and user interaction by the victim. There are neither technical details nor an exploit publicly available.

Exploiting

Class: Cross site scripting
CWE: CWE-79
ATT&CK: T1059.007
Remote Access: Yes
Upgrade: Angular 11.0.5/11.1.0-next.3
Patch: Github.com
Availability Impact: High
Base Score: 2.6
Temp Score: 2.5

Mitigation

Upgrade to the latest version.
