CVE-2019-14863
angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Hay una vulnerabilidad en todas las versiones de angular anteriores a la versión 1.5.0-beta.0, donde después de escapar del contexto de la aplicación web, la aplicación web entrega datos a sus usuarios junto con otro contenido dinámico seguro, sin comprobarlo.
A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitation of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2019-12-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://snyk.io/vuln/npm:angular:20150807 | 2020-01-09 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-14863 | 2019-12-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1763589 | 2019-12-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Angularjs Search vendor "Angularjs" | Angular.js Search vendor "Angularjs" for product "Angular.js" | >= 1.0.0 <= 1.4.14 Search vendor "Angularjs" for product "Angular.js" and version " >= 1.0.0 <= 1.4.14" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Decision Manager Search vendor "Redhat" for product "Decision Manager" | 7.0 Search vendor "Redhat" for product "Decision Manager" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Process Automation Search vendor "Redhat" for product "Process Automation" | 7.0 Search vendor "Redhat" for product "Process Automation" and version "7.0" | - |
Affected
|