Headline
GHSA-prc3-vjfx-vhm9: Angular (deprecated package) Cross-site Scripting
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.
Angular (deprecated package) Cross-site Scripting
Moderate severity GitHub Reviewed Published Jul 16, 2022 • Updated Jul 20, 2022
Related news
CVE-2022-25869: Cross-site Scripting (XSS) in org.webjars.bowergithub.angular:angular | CVE-2022-25869 | Snyk
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.