CVE-2022-25869

Name of the Vulnerable Software and Affected Versions angular versions prior to the fixed version

Description The issue is related to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, allowing interpolation of elements. This occurs because the application does not take adequate measures to protect the structure of web pages, potentially enabling a remote attacker to conduct an XSS attack.

Recommendations For all versions of angular, consider migrating to the actively maintained package @angular/core to receive security updates, as the angular package is deprecated. As a temporary workaround, consider restricting the use of the insecure page caching feature in the Internet Explorer browser until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.