1.2.21

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-09	CVE-2024-8373	Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. network low complexity angularjs netapp	4.3
2020-06-08	CVE-2020-7676	Cross-site Scripting vulnerability in Angularjs Angular.Js angular.js prior to 1.8.0 allows cross site scripting. network low complexity angularjs CWE-79	5.4
2020-01-02	CVE-2019-14863	Cross-site Scripting vulnerability in multiple products There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. network low complexity angularjs redhat CWE-79	6.1
2019-11-19	CVE-2019-10768	Unspecified vulnerability in Angularjs Angular.Js In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. network low complexity angularjs	7.5