" elements in "" ones changes p…"/> " elements in " ⌘K

Tip. Type any identifier and press Enter to open its detail page. Hit ⌘K from anywhere to focus the bar.

Open the full search in the app →
Sign in
VDB

CVE-2020-7676

CVE-2020-7676 PUBLISHED

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

EPSS 0.56% · 68.8th percentile

Risk Scores

EPSS Score
0.56%
68.8th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:20.04:LTSangular.js1.5.10-1, 1.7.9-1, 1.7.9-1ubuntu0.1~esm1
Ubuntu:Pro:18.04:LTSangular.js0, 1.5.10-1, 1.5.10-1ubuntu0.1~esm1
Ubuntu:Pro:16.04:LTSangular.js0, 1.2.28-1ubuntu2, 1.2.28-1ubuntu2+esm1

Timeline

  • Jun 8, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›