CNNVD-202601-1743 Information
CNNVD ID
CNNVD-202601-1743
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
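Angular is an open-source development platform from Angular, used to build mobile and desktop web applications with TypeScript / JavaScript and other languages. Angular versions before 19.2.18, before 20.3.16, before 21.0.7 and before 21.1.0-rc.0 contain a cross-site scripting vulnerability. The vulnerability stems from the internal sanitization schema failing to recognize the href and xlink:href attributes of the SVG script element, which may lead to cross-site scripting attacks.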
Description (English)
Angular is an open-source development platform for building mobile and desktop web applications using TypeScript / JavaScript and other languages. Angular versions prior to 19.2.18, 20.3.16, 21.0.7 and 21.1.0-rc.0 have a cross-site scripting (XSS) vulnerability. It stems from the internal sanitization schema failing to recognize the href and xlink:href attributes of the SVG script element, which could result in a cross-site scripting attack.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
Angular
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56
https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6
https://github.com/angular/angular/pull/66318