7.1

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AngularjsAngularjs Version >= 1.0.0 <= 1.4.14
RedhatDecision Manager Version7.0
RedhatProcess Automation Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.38% 0.686
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
secalert@redhat.com 7.1 2.8 4.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863
Third Party Advisory
Issue Tracking
https://snyk.io/vuln/npm:angular:20150807
Patch
Third Party Advisory