Headline
CVE-2021-32854: GHSL-2021-1001: Copy-paste XSS in textAngular text editor - CVE-2021-32854
textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.
Coordinated Disclosure Timeline
- 2021-09-15: Requested security contact publicly
- 2022-03-25: Publishing as per our disclosure policy
Summary
Copy-paste XSS in textAngular text editor
Product
textAngular
Tested Version
1.5.16
Details****Issue: Copy-paste XSS in textAngular (GHSL-2021-1001)
The textAngular text editor is vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor.
Proof of concept (tested on Chrome):
Open this page: cdn.sekurak.pl/copy-paste/playground.html
Paste the following code into “HTML Input”
<div class="MsoNormal">foobar<img src="foo" onload="alert(1)" onerror="alert(2)"/></div>Click “Copy as HTML”
Open http://textangular.com
Paste into the text editor.
Note: This issue was found using the following CodeQL query
Impact
This issue may lead to XSS with user interaction
- CVE-2021-32854
Credit
This issue was discovered by GHSL team member @erik-krogh (Erik Kristensen) using the CodeQL query contributed by @bananabr (Daniel Santos).
You can contact the GHSL team at [email protected], please include a reference to GHSL-2021-1001 in any communication regarding this issue.
Related news
textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.