cvelistv5 - cve-2022-25869

CVE-2022-25869 (GCVE-0-2022-25869)

Vulnerability from cvelistv5 – Published: 2022-07-15 20:02 – Updated: 2025-07-28 09:59

Summary

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Severity ?

4.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P

CWE

CWE-79 - Cross-site Scripting (XSS)

Assigner

snyk

References

URL

Tags

	https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJAR…
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJAR…
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJAR…
	https://security.snyk.io/vuln/SNYK-DOTNET-ANGULAR…
	https://security.snyk.io/vuln/SNYK-DOTNET-ANGULAR…
	https://neverendingsupport.github.io/angularjs-po…

Impacted products

Vendor

Product

Version

n/a

angular

Affected: 0 , < * (semver)

n/a	org.webjars.npm:angular	Affected: 0 , < * (semver)
n/a	org.webjars.bower:angular	Affected: 0 , < * (semver)
n/a	org.webjars.bowergithub.angular:angular	Affected: 0 , < * (semver)
n/a	AngularJS.Core	Affected: 0 , < * (semver)
n/a	angularjs	Affected: 0 , < * (semver)

Credits

Michael Prentice

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:44.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://glitch.com/edit/%23%21/angular-repro-textarea-xss"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "angular",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.npm:angular",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.bower:angular",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.bowergithub.angular:angular",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "AngularJS.Core",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "angularjs",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Michael Prentice"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T09:59:04.148Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617"
        },
        {
          "url": "https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2022-25869",
    "datePublished": "2022-07-15T20:02:02.727939Z",
    "dateReserved": "2022-02-24T00:00:00",
    "dateUpdated": "2025-07-28T09:59:04.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:*\", \"matchCriteriaId\": \"1342B5B6-9FDE-48BB-87C3-1BB07D5692A5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements.\"}, {\"lang\": \"es\", \"value\": \"Todas las versiones del paquete angular son vulnerables a un ataque de tipo Cross-site Scripting (XSS) debido al almacenamiento en cach\\u00e9 no seguro de la p\\u00e1gina en el navegador Internet Explorer, que permite la interpolaci\\u00f3n de elementos (textarea)\"}]",
      "id": "CVE-2022-25869",
      "lastModified": "2024-11-21T06:53:08.570",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"report@snyk.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2022-07-15T20:15:08.487",
      "references": "[{\"url\": \"https://glitch.com/edit/%23%21/angular-repro-textarea-xss\", \"source\": \"report@snyk.io\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://glitch.com/edit/%23%21/angular-repro-textarea-xss\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "report@snyk.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-25869\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2022-07-15T20:15:08.487\",\"lastModified\":\"2025-11-20T17:53:57.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements.\"},{\"lang\":\"es\",\"value\":\"Todas las versiones del paquete angular son vulnerables a un ataque de tipo Cross-site Scripting (XSS) debido al almacenamiento en cach\u00e9 no seguro de la p\u00e1gina en el navegador Internet Explorer, que permite la interpolaci\u00f3n de elementos (textarea)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F696B5B0-AAD1-4876-8AC0-3113503B2460\"}]}]}],\"references\":[{\"url\":\"https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782\",\"source\":\"report@snyk.io\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781\",\"source\":\"report@snyk.io\"},{\"url\":\"https://glitch.com/edit/%23%21/angular-repro-textarea-xss\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2024-0967

Vulnerability from csaf_certbund - Published: 2024-04-24 22:00 - Updated: 2024-06-03 22:00

Summary

IBM MQ: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM MQ ist eine Message Oriented Middleware von IBM.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM MQ ausnutzen, um einen Denial of Service Angriff durchzuführen oder Cross-Site Scripting (XSS)-Angriffe durchzuführen.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM MQ ist eine Message Oriented Middleware von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM MQ ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0967 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0967.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0967 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0967"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-04-24",
        "url": "https://www.ibm.com/support/pages/node/7013499"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156277 vom 2024-06-03",
        "url": "https://www.ibm.com/support/pages/node/7156277"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM MQ: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-03T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:08:10.141+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0967",
      "initial_release_date": "2024-04-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Appliance \u003c9.3.0",
                "product": {
                  "name": "IBM MQ Appliance \u003c9.3.0",
                  "product_id": "T034407"
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-25844",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM MQ. Diese Fehler bestehen im AngularJS-Modul aufgrund eines Problems mit regul\u00e4ren Ausdr\u00fccken. Durch die Bereitstellung speziell gestalteter Regex-Eingaben kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019704"
        ]
      },
      "release_date": "2024-04-24T22:00:00.000+00:00",
      "title": "CVE-2022-25844"
    },
    {
      "cve": "CVE-2023-26116",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM MQ. Diese Fehler bestehen im AngularJS-Modul aufgrund eines Problems mit regul\u00e4ren Ausdr\u00fccken. Durch die Bereitstellung speziell gestalteter Regex-Eingaben kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019704"
        ]
      },
      "release_date": "2024-04-24T22:00:00.000+00:00",
      "title": "CVE-2023-26116"
    },
    {
      "cve": "CVE-2023-26117",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM MQ. Diese Fehler bestehen im AngularJS-Modul aufgrund eines Problems mit regul\u00e4ren Ausdr\u00fccken. Durch die Bereitstellung speziell gestalteter Regex-Eingaben kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019704"
        ]
      },
      "release_date": "2024-04-24T22:00:00.000+00:00",
      "title": "CVE-2023-26117"
    },
    {
      "cve": "CVE-2023-26118",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in IBM MQ. Diese Fehler bestehen im AngularJS-Modul aufgrund eines Problems mit regul\u00e4ren Ausdr\u00fccken. Durch die Bereitstellung speziell gestalteter Regex-Eingaben kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019704"
        ]
      },
      "release_date": "2024-04-24T22:00:00.000+00:00",
      "title": "CVE-2023-26118"
    },
    {
      "cve": "CVE-2022-25869",
      "notes": [
        {
          "category": "description",
          "text": "In IBM MQ existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in Node.js angular module nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019704"
        ]
      },
      "release_date": "2024-04-24T22:00:00.000+00:00",
      "title": "CVE-2022-25869"
    }
  ]
}

WID-SEC-W-2022-0701

Vulnerability from csaf_certbund - Published: 2022-07-17 22:00 - Updated: 2025-01-06 23:00

Summary

Angular: Schwachstelle ermöglicht Cross-Site Scripting

Notes

Produktbeschreibung

Angular ist ein TypeScript-basiertes Front-End-Webapplikationsframework.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Angular ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - MacOS X - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Angular ist ein TypeScript-basiertes Front-End-Webapplikationsframework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Angular ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0701 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0701.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0701 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0701"
      },
      {
        "category": "external",
        "summary": "Snyk.io Security Advisory vom 2022-07-17",
        "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
      },
      {
        "category": "external",
        "summary": "NIST Database vom 2022-07-17",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25869"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6839771 vom 2022-11-17",
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-tivoli-business-service-manager-is-vulnerable-to-cross-site-scripting-due-to-improper-validation-in-angular-cve-2022-25869/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7023212 vom 2023-08-09",
        "url": "https://www.ibm.com/support/pages/node/7023212"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7030667 vom 2023-09-05",
        "url": "https://www.ibm.com/support/pages/node/7030667"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156277 vom 2024-06-03",
        "url": "https://www.ibm.com/support/pages/node/7156277"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7169778 vom 2024-09-24",
        "url": "https://www.ibm.com/support/pages/node/7169778"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000141459 vom 2024-10-16",
        "url": "https://my.f5.com/manage/s/article/K000141459"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7180361 vom 2025-01-07",
        "url": "https://www.ibm.com/support/pages/node/7180361"
      }
    ],
    "source_lang": "en-US",
    "title": "Angular: Schwachstelle erm\u00f6glicht Cross-Site Scripting",
    "tracking": {
      "current_release_date": "2025-01-06T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-07T11:48:17.026+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2022-0701",
      "initial_release_date": "2022-07-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-07-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-11-16T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-08-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-09-05T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-06-03T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2025-01-06T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM MQ 9.1",
                  "product_id": "T014765",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "IBM MQ 9.0",
                  "product_id": "T014766",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.2",
                "product": {
                  "name": "IBM MQ 9.2",
                  "product_id": "T016984",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:9.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.16.3",
                "product": {
                  "name": "IBM Spectrum Protect Plus \u003c10.1.16.3",
                  "product_id": "T037795"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.16.3",
                "product": {
                  "name": "IBM Spectrum Protect Plus 10.1.16.3",
                  "product_id": "T037795-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.6.4",
                "product": {
                  "name": "IBM Spectrum Protect Plus \u003c10.1.6.4",
                  "product_id": "T040030"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.6.4",
                "product": {
                  "name": "IBM Spectrum Protect Plus 10.1.6.4",
                  "product_id": "T040030-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spectrum Protect Plus"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Tivoli Business Service Manager",
                "product": {
                  "name": "IBM Tivoli Business Service Manager",
                  "product_id": "5175",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "6.2.0",
                "product": {
                  "name": "IBM Tivoli Business Service Manager 6.2.0",
                  "product_id": "T014092",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Business Service Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Angular",
            "product": {
              "name": "Open Source Angular",
              "product_id": "907376",
              "product_identification_helper": {
                "cpe": "cpe:/a:angularjs:angular.js:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-25869",
      "notes": [
        {
          "category": "description",
          "text": "In Angular existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "907376",
          "5175",
          "T040030",
          "T014092",
          "T019704",
          "T014766",
          "T014765",
          "T001663",
          "T016984",
          "T037795"
        ]
      },
      "release_date": "2022-07-17T22:00:00.000+00:00",
      "title": "CVE-2022-25869"
    }
  ]
}

GSD-2022-25869

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Aliases

CVE-2022-25869

Aliases

CVE-2022-25869

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-25869",
    "description": "All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements.",
    "id": "GSD-2022-25869"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-25869"
      ],
      "details": "All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements.",
      "id": "GSD-2022-25869",
      "modified": "2023-12-13T01:19:26.707024Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "report@snyk.io",
        "DATE_PUBLIC": "2022-07-15T20:00:01.169600Z",
        "ID": "CVE-2022-25869",
        "STATE": "PUBLIC",
        "TITLE": "Cross-site Scripting (XSS)"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "angular",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Michael Prentice"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site Scripting (XSS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781",
            "refsource": "MISC",
            "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
          },
          {
            "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782",
            "refsource": "MISC",
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
          },
          {
            "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783",
            "refsource": "MISC",
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
          },
          {
            "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784",
            "refsource": "MISC",
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
          },
          {
            "name": "https://glitch.com/edit/%23%21/angular-repro-textarea-xss",
            "refsource": "MISC",
            "url": "https://glitch.com/edit/%23%21/angular-repro-textarea-xss"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "",
          "affected_versions": "All versions",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-07-21",
          "description": "All versions of package angular is vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements.",
          "fixed_versions": [],
          "identifier": "CVE-2022-25869",
          "identifiers": [
            "CVE-2022-25869"
          ],
          "not_impacted": "",
          "package_slug": "npm/angular",
          "pubdate": "2022-07-15",
          "solution": "Unfortunately, there is no solution as this package has been archived and is no longer maintained.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-25869",
            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784",
            "https://glitch.com/edit/%23%21/angular-repro-textarea-xss",
            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783",
            "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781",
            "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
          ],
          "uuid": "ccdae741-52f1-4723-8385-f7cdcb38d007"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "ID": "CVE-2022-25869"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
            },
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://glitch.com/edit/%23%21/angular-repro-textarea-xss"
            },
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
            },
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
            },
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-07-21T14:32Z",
      "publishedDate": "2022-07-15T20:15Z"
    }
  }
}

CERTFR-2025-AVI-0021

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.14
IBM	Spectrum	Spectrum Control versions 5.4.x antérieures à 5.4.13
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité
IBM	QRadar	QRadar Analyst Workflow versions antérieures à 2.34.0
IBM	Db2	Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7180462	2025-01-08	vendor-advisory
Bulletin de sécurité IBM 7180361	2025-01-07	vendor-advisory
Bulletin de sécurité IBM 7180282	2025-01-04	vendor-advisory
Bulletin de sécurité IBM 7180314	2025-01-06	vendor-advisory
Bulletin de sécurité IBM 7180450	2025-01-09	vendor-advisory
Bulletin de sécurité IBM 7180545	2025-01-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2023-52471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
    },
    {
      "name": "CVE-2024-36889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
    },
    {
      "name": "CVE-2015-2156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-42246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2024-26614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
    },
    {
      "name": "CVE-2022-25869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
    },
    {
      "name": "CVE-2024-9355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
    },
    {
      "name": "CVE-2023-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
    },
    {
      "name": "CVE-2024-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-26586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
    },
    {
      "name": "CVE-2024-26638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2020-7238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
    },
    {
      "name": "CVE-2021-46939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
    },
    {
      "name": "CVE-2021-32036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
    },
    {
      "name": "CVE-2024-26802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
    },
    {
      "name": "CVE-2024-36883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
    },
    {
      "name": "CVE-2024-26665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
    },
    {
      "name": "CVE-2024-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
    },
    {
      "name": "CVE-2024-40997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2024-26645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
    },
    {
      "name": "CVE-2024-42240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
    },
    {
      "name": "CVE-2024-40972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2021-32040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-40974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-42124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
    },
    {
      "name": "CVE-2023-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2023-52486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
    },
    {
      "name": "CVE-2014-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
    },
    {
      "name": "CVE-2022-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
    },
    {
      "name": "CVE-2024-39502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2024-26929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
    },
    {
      "name": "CVE-2019-14863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
    },
    {
      "name": "CVE-2023-52683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
    },
    {
      "name": "CVE-2024-42131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
    },
    {
      "name": "CVE-2024-35944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2023-52469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
    },
    {
      "name": "CVE-2024-35809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
    },
    {
      "name": "CVE-2024-47764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
    },
    {
      "name": "CVE-2023-52809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
    },
    {
      "name": "CVE-2023-52451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
    },
    {
      "name": "CVE-2024-39472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-26733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2024-40998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
    },
    {
      "name": "CVE-2022-46751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
    },
    {
      "name": "CVE-2023-52470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2020-7676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
    },
    {
      "name": "CVE-2024-40995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
    },
    {
      "name": "CVE-2023-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
    },
    {
      "name": "CVE-2024-42238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-43830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
    },
    {
      "name": "CVE-2024-39501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
    },
    {
      "name": "CVE-2023-52730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
    },
    {
      "name": "CVE-2024-42090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
    },
    {
      "name": "CVE-2024-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
    },
    {
      "name": "CVE-2024-40901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
    },
    {
      "name": "CVE-2021-47321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
    },
    {
      "name": "CVE-2024-26640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2024-47874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
    },
    {
      "name": "CVE-2024-42322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
    },
    {
      "name": "CVE-2024-27019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
    },
    {
      "name": "CVE-2024-41076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
    },
    {
      "name": "CVE-2024-39506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
    },
    {
      "name": "CVE-2024-40978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2019-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2024-41044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2024-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2024-42152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
    },
    {
      "name": "CVE-2024-39499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
    },
    {
      "name": "CVE-2024-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
    },
    {
      "name": "CVE-2023-52476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2024-41064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2023-52530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
    },
    {
      "name": "CVE-2024-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
    },
    {
      "name": "CVE-2024-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
    },
    {
      "name": "CVE-2019-16869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
    },
    {
      "name": "CVE-2022-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
    },
    {
      "name": "CVE-2024-42237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-27011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
      "url": "https://www.ibm.com/support/pages/node/7180462"
    },
    {
      "published_at": "2025-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
      "url": "https://www.ibm.com/support/pages/node/7180361"
    },
    {
      "published_at": "2025-01-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
      "url": "https://www.ibm.com/support/pages/node/7180282"
    },
    {
      "published_at": "2025-01-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
      "url": "https://www.ibm.com/support/pages/node/7180314"
    },
    {
      "published_at": "2025-01-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
      "url": "https://www.ibm.com/support/pages/node/7180450"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
      "url": "https://www.ibm.com/support/pages/node/7180545"
    }
  ]
}

CERTFR-2025-AVI-0021

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.14
IBM	Spectrum	Spectrum Control versions 5.4.x antérieures à 5.4.13
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité
IBM	QRadar	QRadar Analyst Workflow versions antérieures à 2.34.0
IBM	Db2	Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7180462	2025-01-08	vendor-advisory
Bulletin de sécurité IBM 7180361	2025-01-07	vendor-advisory
Bulletin de sécurité IBM 7180282	2025-01-04	vendor-advisory
Bulletin de sécurité IBM 7180314	2025-01-06	vendor-advisory
Bulletin de sécurité IBM 7180450	2025-01-09	vendor-advisory
Bulletin de sécurité IBM 7180545	2025-01-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2023-52471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
    },
    {
      "name": "CVE-2024-36889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
    },
    {
      "name": "CVE-2015-2156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-42246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2024-26614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
    },
    {
      "name": "CVE-2022-25869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
    },
    {
      "name": "CVE-2024-9355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
    },
    {
      "name": "CVE-2023-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
    },
    {
      "name": "CVE-2024-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-26586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
    },
    {
      "name": "CVE-2024-26638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2020-7238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
    },
    {
      "name": "CVE-2021-46939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
    },
    {
      "name": "CVE-2021-32036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
    },
    {
      "name": "CVE-2024-26802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
    },
    {
      "name": "CVE-2024-36883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
    },
    {
      "name": "CVE-2024-26665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
    },
    {
      "name": "CVE-2024-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
    },
    {
      "name": "CVE-2024-40997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2024-26645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
    },
    {
      "name": "CVE-2024-42240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
    },
    {
      "name": "CVE-2024-40972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2021-32040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-40974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-42124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
    },
    {
      "name": "CVE-2023-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2023-52486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
    },
    {
      "name": "CVE-2014-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
    },
    {
      "name": "CVE-2022-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
    },
    {
      "name": "CVE-2024-39502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2024-26929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
    },
    {
      "name": "CVE-2019-14863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
    },
    {
      "name": "CVE-2023-52683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
    },
    {
      "name": "CVE-2024-42131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
    },
    {
      "name": "CVE-2024-35944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2023-52469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
    },
    {
      "name": "CVE-2024-35809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
    },
    {
      "name": "CVE-2024-47764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
    },
    {
      "name": "CVE-2023-52809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
    },
    {
      "name": "CVE-2023-52451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
    },
    {
      "name": "CVE-2024-39472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-26733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2024-40998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
    },
    {
      "name": "CVE-2022-46751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
    },
    {
      "name": "CVE-2023-52470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2020-7676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
    },
    {
      "name": "CVE-2024-40995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
    },
    {
      "name": "CVE-2023-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
    },
    {
      "name": "CVE-2024-42238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-43830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
    },
    {
      "name": "CVE-2024-39501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
    },
    {
      "name": "CVE-2023-52730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
    },
    {
      "name": "CVE-2024-42090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
    },
    {
      "name": "CVE-2024-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
    },
    {
      "name": "CVE-2024-40901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
    },
    {
      "name": "CVE-2021-47321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
    },
    {
      "name": "CVE-2024-26640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2024-47874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
    },
    {
      "name": "CVE-2024-42322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
    },
    {
      "name": "CVE-2024-27019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
    },
    {
      "name": "CVE-2024-41076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
    },
    {
      "name": "CVE-2024-39506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
    },
    {
      "name": "CVE-2024-40978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2019-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2024-41044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2024-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2024-42152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
    },
    {
      "name": "CVE-2024-39499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
    },
    {
      "name": "CVE-2024-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
    },
    {
      "name": "CVE-2023-52476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2024-41064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2023-52530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
    },
    {
      "name": "CVE-2024-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
    },
    {
      "name": "CVE-2024-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
    },
    {
      "name": "CVE-2019-16869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
    },
    {
      "name": "CVE-2022-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
    },
    {
      "name": "CVE-2024-42237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-27011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
      "url": "https://www.ibm.com/support/pages/node/7180462"
    },
    {
      "published_at": "2025-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
      "url": "https://www.ibm.com/support/pages/node/7180361"
    },
    {
      "published_at": "2025-01-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
      "url": "https://www.ibm.com/support/pages/node/7180282"
    },
    {
      "published_at": "2025-01-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
      "url": "https://www.ibm.com/support/pages/node/7180314"
    },
    {
      "published_at": "2025-01-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
      "url": "https://www.ibm.com/support/pages/node/7180450"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
      "url": "https://www.ibm.com/support/pages/node/7180545"
    }
  ]
}

FKIE_CVE-2022-25869

Vulnerability from fkie_nvd - Published: 2022-07-15 20:15 - Updated: 2025-11-20 17:53

Severity ?

4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
report@snyk.io	https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869
report@snyk.io	https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617
report@snyk.io	https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
report@snyk.io	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
report@snyk.io	https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
af854a3a-2127-422b-91ae-364da2661108	https://glitch.com/edit/%23%21/angular-repro-textarea-xss	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	angularjs	angularjs	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F696B5B0-AAD1-4876-8AC0-3113503B2460",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of \u003ctextarea\u003e elements."
    },
    {
      "lang": "es",
      "value": "Todas las versiones del paquete angular son vulnerables a un ataque de tipo Cross-site Scripting (XSS) debido al almacenamiento en cach\u00e9 no seguro de la p\u00e1gina en el navegador Internet Explorer, que permite la interpolaci\u00f3n de elementos (textarea)"
    }
  ],
  "id": "CVE-2022-25869",
  "lastModified": "2025-11-20T17:53:57.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 2.5,
        "source": "report@snyk.io",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-15T20:15:08.487",
  "references": [
    {
      "source": "report@snyk.io",
      "url": "https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869"
    },
    {
      "source": "report@snyk.io",
      "url": "https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617"
    },
    {
      "source": "report@snyk.io",
      "url": "https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031"
    },
    {
      "source": "report@snyk.io",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
    },
    {
      "source": "report@snyk.io",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
    },
    {
      "source": "report@snyk.io",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
    },
    {
      "source": "report@snyk.io",
      "url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://glitch.com/edit/%23%21/angular-repro-textarea-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
    }
  ],
  "sourceIdentifier": "report@snyk.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "report@snyk.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PRC3-VJFX-VHM9

Vulnerability from github – Published: 2022-07-16 00:00 – Updated: 2025-07-28 13:10

Summary

Angular (deprecated package) Cross-site Scripting

Details

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "angular"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.8.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-25869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-20T00:41:18Z",
    "nvd_published_at": "2022-07-15T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of `\u003ctextarea\u003e` elements.\n\nNPM package [angular](https://www.npmjs.com/package/angular) is deprecated. Those who want to receive security updates should use the actively maintained package [@angular/core](https://www.npmjs.com/package/@angular/core).",
  "id": "GHSA-prc3-vjfx-vhm9",
  "modified": "2025-07-28T13:10:19Z",
  "published": "2022-07-16T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25869"
    },
    {
      "type": "WEB",
      "url": "https://glitch.com/edit/%23%21/angular-repro-textarea-xss"
    },
    {
      "type": "WEB",
      "url": "https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781"
    },
    {
      "type": "PACKAGE",
      "url": "https://www.npmjs.com/package/angular"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Angular (deprecated package) Cross-site Scripting"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-25869 (GCVE-0-2022-25869)

WID-SEC-W-2024-0967

WID-SEC-W-2022-0701

GSD-2022-25869

CERTFR-2025-AVI-0021

Solutions

CERTFR-2025-AVI-0021

Solutions

FKIE_CVE-2022-25869

GHSA-PRC3-VJFX-VHM9

Tags

Sightings

Nomenclature