Angular JS and weak TLS ciphers such as 128 bit vulnerability

Reply
Highlighted
L3 Networker

Angular JS and weak TLS ciphers such as 128 bit vulnerability

Hi Team 

 

As we could not able to find out the below vulnerability which is found on below model during penetration testing So , Please help us to find out the details for this vulnerability and let us know if any workaround is there or not.
 
CVE-ID-2020-7676
 
Anyone got the similar vulnerability ?
 
Regards
Mohammed Asik

 

Highlighted
Cyber Elite

Here is the link to the CVE on the CVE web page

 

https://nvd.nist.gov/vuln/detail/CVE-2020-7676

 

Current Description

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

 

Hide Analysis Description

Analysis Description

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

Severity

 


CVSS 3.x Severity and Metrics:

 

 

NIST: NVD
Base Score:  5.4 MEDIUM
Vector:  CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Coz...  
https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Coz...  
https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Coz...  
https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Coz...  
https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Coz...  
https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Coz...  
https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Coz...  
https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Coz...  
https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Cco...  
https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Coz...  
https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
 

 

NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*
   Show Matching CPE(s)
Up to (excluding)
1.8.0

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

7 change records found show changes
Help the community: Like helpful comments and mark solutions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!