CVE-2021-4231

Summary

CVE	CVE-2021-4231
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-05-26 14:15:00 UTC
Updated	2022-06-07 19:07:00 UTC
Description	A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Angular	Angular	All	All	All	All
Application	Angular	Angular	11.1.0	next_0	All	All
Application	Angular	Angular	11.1.0	next_1	All	All
Application	Angular	Angular	11.1.0	next_2	All	All

References

Reference	Source	Link	Tags
Cross-site Scripting (XSS) in @angular/core \| Snyk	MISC	security.snyk.io
fix(core): fix possible XSS attack in development through SSR (#40525) · angular/angular@ba8da74 · GitHub	MISC	github.com
CVE-2021-4231 \| Angular Comment cross site scripting (ID 40136)	MISC	vuldb.com
Xss fix by mhevery · Pull Request #40136 · angular/angular · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

241726 Red Hat Update for red hat ceph storage 6.1 (RHSA-2023:3623)