PT-2022-11586 · Google · Angular

Miško Hevery

Published

2022-05-26

Updated

2025-11-20

CVE-2021-4231

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Angular versions 11.0.4 through 11.1.0-next.2

Description A vulnerability was found in the handling of comments, which can lead to cross site scripting. The manipulation can be launched remotely, but it might require authentication first.

Recommendations For versions up to 11.0.4, upgrade to version 11.0.5. For versions up to 11.1.0-next.2, upgrade to version 11.1.0-next.3. Alternatively, for older versions, upgrade to version 10.2.5.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-4231

GHSA-C75V-2VQ8-878F

RHSA-2023:3623

Affected Products

Angular

PT-2022-11586 · Google · Angular

CVE-2021-4231

Weakness Enumeration

Related Identifiers

Affected Products

References · 12