CVE-2020-7676

Name of the Vulnerable Software and Affected Versions angular.js versions prior to 1.8.0

Description The issue allows cross-site scripting due to the regex-based input HTML replacement potentially turning sanitized code into unsanitized code. This can occur when <option> elements are wrapped in <select> elements, changing the parsing behavior and possibly leading to unsanitized code.

Recommendations For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of <option> elements within <select> elements to minimize the risk of exploitation.