CVE-2022-25869

SOURCE - github

Summary

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.

EPSS Score: 0.00496 (0.762)

Common Weakness Enumeration (CWE)

SOURCE - nist

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SOURCE - github

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SOURCE - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities


nist

CREATED


UPDATED



EXPLOITABILITY SCORE

2.8


EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1medium

github

CREATED


UPDATED



EXPLOITABILITY SCORE

2.8


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1medium

debian

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED


UPDATED



EXPLOITABILITY SCORE

2.8


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.1low

gitlab

CREATED


UPDATED


SOURCE ID

CVE-2022-25869


EXPLOITABILITY SCORE

2.8


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1medium

inthewild

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND

-


COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE