QwikSec

Security Database

CVE

CWE

Training

CVE-2022-25869

Published: Jul 15, 2022

Modified: Jul 28, 2025

PUBLISHED

CVSS v3.1

4.2

MEDIUM

Description

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Vendor	Product	Versions
n/a	angular	affected `0 - < *`
n/a	org.webjars.npm:angular	affected `0 - < *`
n/a	org.webjars.bower:angular	affected `0 - < *`
n/a	org.webjars.bowergithub.angular:angular	affected `0 - < *`
n/a	AngularJS.Core	affected `0 - < *`
n/a	angularjs	affected `0 - < *`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784

https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031

https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617

https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.