CVE-2022-25869 (Medium) detected in multiple libraries

[mend-bolt-for-github[bot]]

CVE-2022-25869 - Medium Severity Vulnerability

Vulnerable Libraries - angular-1.5.11.tgz, angular-1.6.10.tgz, angular-1.8.3.tgz

angular-1.5.11.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.5.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/angular-npm-1.5.11-136e8acd47-10.zip

Dependency Hierarchy: - angular-patternfly-3.26.0.tgz (Root Library) - :x: **angular-1.5.11.tgz** (Vulnerable Library)

angular-1.6.10.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.6.10.tgz

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/angular-npm-1.6.10-36c4afca0d-10.zip

Dependency Hierarchy: - :x: **angular-1.6.10.tgz** (Vulnerable Library)

angular-1.8.3.tgz

HTML enhanced for web apps

Library home page: https://registry.npmjs.org/angular/-/angular-1.8.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /home/wss-scanner/.yarn/berry/cache/angular-npm-1.8.3-0e5e833690-10.zip

Dependency Hierarchy: - ui-components-1.6.0.tgz (Root Library) - angular-bootstrap-switch-0.5.2.tgz - :x: **angular-1.8.3.tgz** (Vulnerable Library)

Found in HEAD commit: d87706978173ac6516da5e83374518c21263b77b

Found in base branch: master

Vulnerability Details

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. <p>Publish Date: 2022-07-15 <p>URL: <a href=https://www.mend.io/vulnerability-database/CVE-2022-25869>CVE-2022-25869</a></p> </p> </details> <p></p> <details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (<b>6.1</b>)</summary> <p> Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None </p> For more information on CVSS3 Scores, click <a rel="noreferrer nofollow" target="_blank" href="https://www.first.org/cvss/calculator/3.0">here</a>. </p> </details> <p></p> <hr /> <p>Step up your Open Source Security Game with Mend <a rel="noreferrer nofollow" target="_blank" href="https://www.whitesourcesoftware.com/full_solution_bolt_github">here</a></p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/miq-bot"><img src="https://avatars.githubusercontent.com/u/7806257?v=4" />miq-bot</a> commented <strong> 1 year ago</strong> </div> <div class="markdown-body"> <p>This issue has been automatically marked as stale because it has not been updated for at least 3 months.</p> <p>If you can still reproduce this issue on the current release or on <code>master</code>, please reply with all of the information you have about it in order to keep the issue open.</p> <p>Thank you for all your contributions! More information about the ManageIQ triage process can be found in <a href="https://www.manageiq.org/docs/guides/triage_process">the triage process documentation</a>.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/miq-bot"><img src="https://avatars.githubusercontent.com/u/7806257?v=4" />miq-bot</a> commented <strong> 11 months ago</strong> </div> <div class="markdown-body"> <p>This issue has been automatically marked as stale because it has not been updated for at least 3 months.</p> <p>If you can still reproduce this issue on the current release or on <code>master</code>, please reply with all of the information you have about it in order to keep the issue open.</p> <p>Thank you for all your contributions! More information about the ManageIQ triage process can be found in <a href="https://www.manageiq.org/docs/guides/triage_process">the triage process documentation</a>.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/miq-bot"><img src="https://avatars.githubusercontent.com/u/7806257?v=4" />miq-bot</a> commented <strong> 5 months ago</strong> </div> <div class="markdown-body"> <p>This issue has been automatically marked as stale because it has not been updated for at least 3 months.</p> <p>If you can still reproduce this issue on the current release or on <code>master</code>, please reply with all of the information you have about it in order to keep the issue open.</p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>