arabaske / Ceres

CVE-2021-32854 (Medium) detected in textangular-1.5.16.tgz #193

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2021-32854 - Medium Severity Vulnerability

Vulnerable Library - textangular-1.5.16.tgz

A radically powerful Text-Editor/Wysiwyg editor for Angular.js

Library home page: https://registry.npmjs.org/textangular/-/textangular-1.5.16.tgz

Path to dependency file: /Ceres/package.json

Path to vulnerable library: /node_modules/textangular/package.json

Dependency Hierarchy:
- ❌ **textangular-1.5.16.tgz** (Vulnerable Library)

Found in HEAD commit: b31d728670f7b1cea140b9a346bf71d1a9771fb2

Found in base branch: clean_branch

Vulnerability Details

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.

Publish Date: 2023-02-21

URL: CVE-2021-32854

CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None
