CVE-2020-7676
Description
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing behavior, leading to possibly unsanitizing code.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.563
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2020-7676) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234