CVE-2020-7676
nodejs-angular: XSS due to regex-based HTML replacement
Public Exploits: 1
Exploited in Wild: -
Descriptions
angular.js prior to 1.8.0 allows cross-site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized code. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
angular.js versions prior to 1.8.0 allow a cross-site scripting attack. The regular-expression-based replacement of input HTML can turn sanitized code into unsanitized code. Wrapping "<option>" elements in "<select>" elements changes the parsing behavior, possibly leading to unsanitized code.
An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized code. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
Timeline
- 2020-01-21 CVE Reserved
- 2020-05-26 First Exploit
- 2020-06-08 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-02 EPSS Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (15)
URL | Date | SRC |
---|---|---|
https://github.com/ossf-cve-benchmark/CVE-2020-7676 | 2020-05-26 | |
https://access.redhat.com/security/cve/CVE-2020-7676 | 2021-03-23 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1849206 | 2021-03-23 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Angularjs | Angular.js | < 1.8.0 | - | Affected |