Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
Vulnerability Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Angular 跨站脚本漏洞
Vulnerability Description
Angular是Angular开源的一个开发平台。用于使用 Typescript / JavaScript 和其他语言构建移动和桌面 Web 应用程序。 Angular 19.2.18之前版本、20.3.16之前版本、21.0.7之前版本和21.1.0-rc.0之前版本存在跨站脚本漏洞,该漏洞源于内部清理模式未能识别SVG script元素的href和xlink:href属性,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A