Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Angular has XSS in i18n attribute bindings
Vulnerability Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-<attribute> name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Angular 跨站脚本漏洞
Vulnerability Description
Angular是Angular开源的一个开发平台。用于使用 Typescript / JavaScript 和其他语言构建移动和桌面 Web 应用程序。 Angular 22.0.0-next.3之前版本、21.2.4之前版本、20.3.18之前版本和19.2.20之前版本存在跨站脚本漏洞,该漏洞源于Angular运行时和编译器中存在跨站脚本漏洞,当应用程序使用安全敏感属性与Angular的国际化属性功能结合时,通过添加i18n-<属性>名称启用敏感属性的国际化会绕过Angular的内置清理机制,结合对不
CVSS Information
N/A
Vulnerability Type
N/A