CVE
CWE-79
| CVE ID |
CWE-79
|
|---|---|
| CVSS Score |
8.7
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
1.6.12
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
SNYK Listing: Cross-site Scripting (XSS) in angular | Snyk
Bug Fixes
- This release provides fixes for two vulnerabilities cherry-picked from AngularJS version 1.8.x
- Medium severity CVE-2020-7676
- High severity CWE-79
- Fix for CVE-2020-7676 addresses cross-site scripting (XSS) where the regex-based input HTML replacement may turn sanitized code into unsanitized code.
- Fix for CWE-79 provides a solution while using JqLite to prevent a possible high-severity cross-site scripting (XSS) vulnerability due to regex-based HTML replacement.
- Note that this patch is only for JqLite and not for JQuery, for more information about workarounds for JQuery consult the JQuery upgrade guide.