Description
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
The npm package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.
Recommendation
No fix is available yet. The following versions are affected:
- <= 1.8.3
References
- GHSA-prc3-vjfx-vhm9
- glitch.com
- snyk.io
- neverendingsupport.github.io
- security.snyk.io
- CVE-2022-25869
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Angular vulnerable to Cross-site Scripting - CVE-2020-7676
- AngularJS allows attackers to bypass common image source restrictions (GHSA-mqm9-c95h-x2p6) - CVE-2024-8373
- AngularJS allows attackers to bypass common image source restrictions - CVE-2024-8372
- angular vulnerable to super-linear runtime due to backtracking - CVE-2024-21490
Tags
- npm
- angular
Last updated on July 28, 2025