CVE-2020-7676

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
08/06/2020
Last modified:
07/11/2023

Description

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* 1.8.0 (excluding)