Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-25869

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Published

2022-07-15T20:15:08.487

Last Modified

2025-11-20T17:53:57.180

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	angularjs	angularjs	*	Yes

References

https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869 ([email protected])
https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617 ([email protected])
https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031 ([email protected])
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783 ([email protected])
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784 ([email protected])
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782 ([email protected])
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781 ([email protected])
https://glitch.com/edit/%23%21/angular-repro-textarea-xss Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)