Key Vulnerability Information

Vulnerability Type
Cross-site Scripting (XSS)

Affected Scope
Package: org.webjars.bower:angular
Version: 0.1

Severity
CVSS Score: 4.2 (MEDIUM)

Vulnerability Description
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements.

Details: XSS occurs when an attacker injects malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the user's browser when the user interacts with the compromised website.

Attack Types
- Stored: Malicious code is stored in the application.
- Reflected: Attacker delivers a malicious link to a user from outside the vulnerable web application.
- DOM-based: Attacker forces the user's browser to render a malicious page.
- Mutated: Attacker injects code that appears safe but is rewritten and modified by the browser.

Affected Environments
- Web servers
- Application servers
- Web application environments

Mitigations
- Sanitize data input in an HTTP request.
- Convert special characters.
- Give users the option to disable client-side scripts.
- Redirect invalid requests.
- Detect simultaneous logins.
- Use and enforce a Content Security Policy.
- Read library documentation for embedded HTML elements.

CVSS Base Scores
- Snyk: 4.2 MEDIUM
- NVD: 6.1 MEDIUM
- Red Hat: 4.5 MEDIUM