First published: Fri Jul 15 2022
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of `<textarea>` elements. NPM package [angular](https://www.npmjs.com/package/angular) is deprecated. Those who want to receive security updates should use the actively maintained package [@angular/core](https://www.npmjs.com/package/@angular/core).
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
npm/angular | <=1.8.3 | |
Angularjs Angular | | |
F5 BIG-IP | >=17.1.0 <=17.1.1 | |
F5 BIG-IP | >=16.1.0 <=16.1.5 | |
F5 BIG-IP | >=15.1.0 <=15.1.10 | |
CVE-2022-25869 is a vulnerability in all versions of the angular package that allows for Cross-site Scripting (XSS) attacks due to insecure page caching in the Internet Explorer browser.
The CVE-2022-25869 vulnerability affects all versions of the angular package by allowing for Cross-site Scripting (XSS) attacks through insecure page caching in the Internet Explorer browser.
The severity of CVE-2022-25869 is medium with a CVSS score of 6.1.
To fix the CVE-2022-25869 vulnerability, it is recommended to update to a secure version of the angular package or switch to a different framework.
Yes, you can find more information about the CVE-2022-25869 vulnerability at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-25869), [Glitch](https://glitch.com/edit/%23%21/angular-repro-textarea-xss), and [Snyk](https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783).