Angular-Cross-site Scripting

This article is a part of our Vulnerability Database (back to index)

Cross-site Scripting occurrences in Angular

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. (2022-07-15, <a class="link" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25869">CVE-2022-25869</a>)</p><p>A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component. (2022-05-26, <a class="link" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4231">CVE-2021-4231</a>)</p></p> </div> <h2 class="typo-h4 m-40"> <p>Why Cross-site Scripting can be dangerous</p> </h2> <div style="margin: 2em;"> <p>Cross site scripting is an attack where a web page executes code that is injected by an adversary. It usually appears, when users input is presented. This attack can be used to impersonate a user, take over control of the session, or even steal API keys.</p> <p>The attack can be executed e.g. when you application injects the request parameter directly into the HTML code of the page returned to the user:</p> <p class="feature-text">https://server.com/confirmation?message=Transaction+Complete</p> <p>what results in:</p> <p class="feature-text"><span>Confirmation: Transaction Complete</span></p> <p>In that case the message can be modified to become a valid Javascript code, e.g.:</p> <p class="feature-text">https://server.com/confirmation?message=<script>dangerous javascript code here</script></p> <p>and it will be executed locally by the user's browser with full access to the user's personal application/browser data:</p> <p class="feature-text"><span>Confirmation: <script>dangerous javascript code here</script></span></p> </div> <a href="/scan-now" class="btn btn--fill"><span>Scan Your Web App Now</span></a> </div> </div> </section> </div> <section class="get-started"> <div class="wrap wrap--inner animate"> <div class="header header--center"> <div class="typo-h2"> <h5>Scan your application<br> for 14 days for free</h5> </div> <p>No credit card is required. No commitment.</p> </div> <a href="/register" class="btn btn--fill"><span>Sign Up Free</span></a> </div> </section> <footer class="footer"> <div class="wrap wrap--inner clearfix"> <div class="col"> <h6>Contact</h6> <p><strong><a href="mailto:team@scanrepeat.com">team@scanrepeat.com</a><br>+1 (415) 340-8020</strong></p> <p><strong>ScanRepeat</strong><br>a Ventures CDX company</p> <p><strong>USA</strong><br>117 Park Avenue, San Jose<br>CA 95113</p> <p><strong>EMEA</strong><br>Laciarska 4, 50-104 Wroclaw<br>Poland</p> </div> <div class="col"> <h6>Product</h6> <ul> <li class=""> <a href="/features" title="Features">Features</a> </li> <li class=""> <a href="/#pricing" title="Pricing">Pricing</a> </li> <li class=""> <a href="/#faq" title="FAQ">FAQ</a> </li> <li class=""> <a href="/#how-it-works" title="How it works">How it works</a> </li> <li class=""> <a href="/web-security-knowledge-base" title="Web Security Knowledge Base">Web Security Knowledge Base</a> </li> <li class=""> <a href="/security-tests" title="Security tests">Security tests</a> </li> <li class=""> <a href="/top-security-issues" title="Top Security Issues (last 30 days)">Top Security Issues (last 30 days)</a> </li> </ul> </div> <div class="col"> <h6>Legal</h6> <ul> <li class=""> <a href="/terms" title="Terms of use">Terms of use</a> </li> <li class=""> <a href="/privacy-policy" title="Privacy policy">Privacy policy</a> </li> <li class=""> <a href="/cookies-policy" title="Cookies policy">Cookies policy</a> </li> </ul> </div> <div class="footer__social social"> <ul> <li> <a href="https://www.facebook.com/ScanRepeat/" aria-label="Facebook" target="_blank" rel="nofollow"><i class="icon-facebook"></i></a> </li> <li> <a href="https://twitter.com/ScanRepeat" aria-label="Twitter" target="_blank" rel="nofollow"><i class="icon-twitter"></i></a> </li> <li> <a href="https://www.linkedin.com/showcase/scanrepeat/" aria-label="LinkedIn" target="_blank" rel="nofollow"><i class="icon-linkedin"></i></a> </li> <li> <a href="https://github.com/ScanRepeat" aria-label="GitHub" target="_blank" rel="nofollow"><i class="icon-github"></i></a> </li>  </ul> </div> </div> <div class="wrap wrap--inner"> <div class="footer__copy"> <p>© ScanRepeat 2020</p> </div> </div> </footer> </main> <script src="/vendor/scripts/vendor.js?v=2301101430"></script> <script src="/vendor/scripts/main.js?v=2301101430"></script> <script src="/vendor/scripts/public_general.js?v=2301101430"></script> </body> </html>