CNNVD-202512-003 Information
CNNVD ID
CNNVD-202512-003
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
Angular是Angular开源的一个开发平台。用于使用 Typescript / JavaScript 和其他语言构建移动和桌面 Web 应用程序。 Angular 21.0.2之前版本、20.3.15之前版本和19.2.17之前版本存在跨站脚本漏洞,该漏洞源于Angular模板编译器内部安全架构不完整,可能导致存储型跨站脚本攻击。
Description (English)
Angular is a development platform for the Angular open source. To build mobile and desktop Web applications using Typescript / JavaScript English and French. Angular 21.0.2 before, 20.3.15 and 19.2.17 have a cross-site script loophole, which stems from the incomplete internal security structure of the Angular template compiler, which may result in a storage-type cross-site script attack.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
Angular
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
Patch
https://github.com/angular/angular/releases
Share on: