CVE-2019-14863

CWE-79Cross-site Scripting (XSS)10 documents8 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 73.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Angularjs AngularjsRED HAT Angular:Redhat Decision Manager+1 more
Timeline
PublishedJan 2
Latest updateJan 14

Description

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages7 packages

npmangular< 1.5.0-beta.1
Debianangular.js< 1.5.3-2+3
Ubuntuangular.js< 1.8.2-2ubuntu0.1+4
NVDangularjs/angularjs1.0.01.4.14
CVEListV5red_hat/angular:all angular versions before 1.5.0-beta.0

Patches

Patch: snyk.ioPatch: snyk.io

🔴Vulnerability Details

5
OSV
angular.js vulnerabilities2026-01-14
OSV
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes2020-02-14
GHSA
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes2020-02-14
OSV
CVE-2019-14863: There is a vulnerability in all angular versions before 12020-01-02
CVEList
CVE-2019-14863: There is a vulnerability in all angular versions before 12020-01-02

📋Vendor Advisories

3
Ubuntu
AngularJS vulnerabilities2026-01-14
Red Hat
angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes2019-10-15
Debian
CVE-2019-14863: angular.js - There is a vulnerability in all angular versions before 1.5.0-beta.0, where afte...2019

💬Community

1
Bugzilla
CVE-2019-14863 angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes2019-10-21