CVE
CVE-2020-7676
| CVE ID |
CVE-2020-7676
|
|---|---|
| CVSS Score |
5.4
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
1.6.12
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: NVD - CVE-2020-7676
Bug Fixes
- This release provides fixes for two vulnerabilities cherry-picked from AngularJS version 1.8.x
- Medium severity CVE-2020-7676
- High severity CWE-79
- Fix for CVE-2020-7676 addresses cross-site scripting (XSS) where the regex-based input HTML replacement may turn sanitized code into unsanitized code.
- Fix for CWE-79 provides a solution while using JqLite to prevent a possible high-severity cross-site scripting (XSS) vulnerability due to regex-based HTML replacement.
- Note that this patch is only for JqLite and not for JQuery, for more information about workarounds for JQuery consult the JQuery upgrade guide.