CVE-2022-25869: Cross-site Scripting (XSS)

Published Jul 15, 2022
·
Updated

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.

Other sources

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

MITRE

Affected Software

6 affected componentsFixes available
angularjs Angular Node.js
npm/angular<=1.8.3
F5 BIG-IP>=17.5.0<=17.5.1, >=17.1.0<=17.1.2
17.5.1.117.1.3
F5 BIG-IP>=16.1.0<=16.1.6
F5 BIG-IP>=15.1.0<=15.1.10
angularjs AngularJS

Event History

Jul 15, 2022
CVE Published
via MITRE·08:02 PM
Data Sourced
via MITRE·08:02 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·08:15 PM
DescriptionSeverityWeaknessAffected Software
Jul 16, 2022
Advisory Published
via GitHub·12:00 AM
Data Sourced
via GitHub·12:00 AM
DescriptionSeverityWeaknessAffected Software
Oct 16, 2024
Advisory Published
via F5·12:18 AM
Data Sourced
via F5·12:18 AM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2022-25869?

CVE-2022-25869 is a vulnerability in all versions of the angular package that allows for Cross-site Scripting (XSS) attacks due to insecure page caching in the Internet Explorer browser.

2

How does the CVE-2022-25869 vulnerability affect the angular package?

The CVE-2022-25869 vulnerability affects all versions of the angular package by allowing for Cross-site Scripting (XSS) attacks through insecure page caching in the Internet Explorer browser.

3

What is the severity of CVE-2022-25869?

The severity of CVE-2022-25869 is medium with a CVSS score of 6.1.

4

How can I fix the CVE-2022-25869 vulnerability?

To fix the CVE-2022-25869 vulnerability, it is recommended to update to a secure version of the angular package or switch to a different framework.

5

Is there any reference material available for the CVE-2022-25869 vulnerability?

Yes, you can find more information about the CVE-2022-25869 vulnerability at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-25869), [Glitch](https://glitch.com/edit/%23%21/angular-repro-textarea-xss), and [Snyk](https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203