VDB

CVE-2025-66412

CVE-2025-66412 PUBLISHED CVSS 8.5 HIGH

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

EPSS 0.03% · 8.1th percentile

Risk Scores

CVSS 4.0
8.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.03%
8.1th percentile

Affected Products

VendorProductVersions
angularcompiler21.0.0-next.0, 20.0.0-next.0, 19.0.0-next.0
angularangular0, 19.0.0, >= 21.0.0-next.0 < 21.0.2

Timeline

  • Nov 28, 2025 CVE ID Reserved
  • Dec 1, 2025 CVE Published
  • Dec 2, 2025 EPSS Score
  • Dec 2, 2025 PoC Published
  • Dec 3, 2025 PoC Published
  • Dec 3, 2025 PoC Published
  • Dec 4, 2025 PoC Published
  • Dec 6, 2025 EPSS Score
  • Dec 11, 2025 EPSS Score
  • Dec 15, 2025 EPSS Score
  • Dec 20, 2025 EPSS Score
  • Dec 24, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›