Angular Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2 20.3.15 and 19.2.17 A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler39s internal security schema is incomplete allowing attackers to bypass Angular39s built-in security sanitization. Specifically the schema fails to classify certain URL-holding attributes (e.g. those that could contain javascript: URLs) as requiring strict URL security enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2 20.3.15 and 19.2.17.