Description
XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods such as JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, new JQLite and angular.element.
Recommendation
Update the angular package to the latest compatible version. Version details:
- Affected version(s): < 1.8.0
- Patched version(s): 1.8.0
Tags: npm, angular
Last updated on January 09, 2023


