Google · Angular · CVE-2019-14863
**Name of the Vulnerable Software and Affected Versions**
angular versions prior to 1.5.0-beta.0
angular versions prior to 1.5.0-beta.1
**Description**
The package fails to sanitize the `xlink:href` attribute, so attackers can execute arbitrary JavaScript in a victim's browser when the attribute value is user-controlled. This can occur when the web application delivers unvalidated data to its users alongside other trusted dynamic content.
**Recommendations**
For versions prior to 1.5.0-beta.0, upgrade to version 1.5.0-beta.1 or later.
For versions prior to 1.5.0-beta.1, upgrade to version 1.5.0-beta.1 or later.
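As defense in depth alongside the upgrade, user-controlled values can be checked against a scheme allowlist before they are bound to `xlink:href`. The following is an added example, not AngularJS code or part of the original advisory; the function names, the allowlist and the sample inputs are assumptions.

```javascript
// Added example, not AngularJS code: allowlist check for values bound to xlink:href.
// Names, the allowlist and the sample inputs below are assumptions for illustration.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
// Placeholder base so relative references such as "#icon" can be parsed.
const PARSE_BASE = 'https://placeholder.invalid/';
// Legitimate URLs carry no raw ASCII control characters; reject them up front.
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

function isSafeXlinkHref(value) {
  if (typeof value !== 'string' || CONTROL_CHARS.test(value)) return false;
  let parsed;
  try {
    // The WHATWG URL parser trims surrounding spaces and lowercases the scheme,
    // so mixed-case or padded schemes are compared in normalized form.
    parsed = new URL(value, PARSE_BASE);
  } catch (err) {
    return false; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Returns the value if it passes the check, otherwise a harmless fallback.
function safeXlinkHref(value, fallback = '#') {
  return isSafeXlinkHref(value) ? value : fallback;
}

// Constructed sample inputs
const SAMPLES = [
  '#icon-user',
  'sprites/icons.svg#user',
  'https://cdn.example.com/icons.svg#user',
  'javascript:alert(1)',
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<b>x</b>',
];

function classify(samples) {
  return samples.map((s) => ({ input: s, safe: isSafeXlinkHref(s) }));
}

console.log(classify(SAMPLES));
```

Relative references and fragments resolve against the placeholder base and therefore pass; anything that resolves to a scheme outside the allowlist is replaced by the fallback.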