AngularJS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-7676
Reference:
CVE-2020-7676
Title:
AngularJS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping quotltoptiongtquot elements in quotltselectgtquot ones changes parsing behavior leading to possibly unsanitizing code.