Shelbykelley

**Name of the Vulnerable Software and Affected Versions** Angular versions prior to 19.2.18 Angular versions prior to 20.3.16 Angular versions prior to 21.0.7 Angular version 21.1.0-rc.0 **Description** Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. A cross-site scripting (XSS) issue exists in the Angular Template Compiler due to a failure in Angular’s internal sanitization schema to recognize the `href` and `xlink:href` attributes of SVG `<script>` elements as a Resource URL context. This could potentially lead to arbitrary code execution. **Recommendations** Update to Angular version 19.2.18 or later. Update to Angular version 20.3.16 or later. Update to Angular version 21.0.7 or later. Update to Angular version 21.1.0-rc.0 or later.