Refine your search
5 vulnerabilities found for angular by angular
CVE-2025-66412 (GCVE-0-2025-66412)
Vulnerability from nvd
Published
2025-12-01 22:35
Modified
2025-12-02 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:12:58.051369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:13:07.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0 \u003c 21.0.2"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0 \u003c 20.3.15"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-next.0 \u003c 19.2.17"
},
{
"status": "affected",
"version": "\u003c= 18.2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler\u0027s internal security schema is incomplete, allowing attackers to bypass Angular\u0027s built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:35:59.211Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"
},
{
"name": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"
}
],
"source": {
"advisory": "GHSA-v4hv-rgfq-gp49",
"discovery": "UNKNOWN"
},
"title": "Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66412",
"datePublished": "2025-12-01T22:35:59.211Z",
"dateReserved": "2025-11-28T23:33:56.366Z",
"dateUpdated": "2025-12-02T14:13:07.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66035 (GCVE-0-2025-66035)
Vulnerability from nvd
Published
2025-11-26 22:18
Modified
2025-11-28 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T18:28:53.883453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T18:29:18.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.0.1"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.14"
},
{
"status": "affected",
"version": "\u003c 19.2.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular\u0027s HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T22:18:35.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37"
},
{
"name": "https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f"
},
{
"name": "https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc"
},
{
"name": "https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e"
},
{
"name": "https://github.com/angular/angular/releases/tag/19.2.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/releases/tag/19.2.16"
},
{
"name": "https://github.com/angular/angular/releases/tag/20.3.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/releases/tag/20.3.14"
},
{
"name": "https://github.com/angular/angular/releases/tag/21.0.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/releases/tag/21.0.1"
}
],
"source": {
"advisory": "GHSA-58c5-g7wp-6w37",
"discovery": "UNKNOWN"
},
"title": "Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66035",
"datePublished": "2025-11-26T22:18:35.692Z",
"dateReserved": "2025-11-21T01:08:02.615Z",
"dateUpdated": "2025-11-28T18:29:18.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-4231 (GCVE-0-2021-4231)
Vulnerability from nvd
Published
2022-05-26 07:10
Modified
2025-04-15 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross Site Scripting
Summary
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | Angular |
Version: 11.0.0 Version: 11.0.1 Version: 11.0.2 Version: 11.0.3 Version: 11.0.4 Version: 11.1.0-next.0 Version: 11.1.0-next.1 Version: 11.1.0-next.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/angular/angular/issues/40136"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.181356"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:41.857765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:38:13.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Angular",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.3"
},
{
"status": "affected",
"version": "11.0.4"
},
{
"status": "affected",
"version": "11.1.0-next.0"
},
{
"status": "affected",
"version": "11.1.0-next.1"
},
{
"status": "affected",
"version": "11.1.0-next.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mi\u0161ko Hevery"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T07:10:14.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/issues/40136"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.181356"
}
],
"title": "Angular Comment cross site scripting",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2021-4231",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Angular Comment cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Angular",
"version": {
"version_data": [
{
"version_value": "11.0.0"
},
{
"version_value": "11.0.1"
},
{
"version_value": "11.0.2"
},
{
"version_value": "11.0.3"
},
{
"version_value": "11.0.4"
},
{
"version_value": "11.1.0-next.0"
},
{
"version_value": "11.1.0-next.1"
},
{
"version_value": "11.1.0-next.2"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": "Mi\u0161ko Hevery",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/angular/angular/issues/40136",
"refsource": "MISC",
"url": "https://github.com/angular/angular/issues/40136"
},
{
"name": "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09",
"refsource": "MISC",
"url": "https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09"
},
{
"name": "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902",
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902"
},
{
"name": "https://vuldb.com/?id.181356",
"refsource": "MISC",
"url": "https://vuldb.com/?id.181356"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4231",
"datePublished": "2022-05-26T07:10:14.000Z",
"dateReserved": "2022-05-26T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:38:13.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66412 (GCVE-0-2025-66412)
Vulnerability from cvelistv5
Published
2025-12-01 22:35
Modified
2025-12-02 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:12:58.051369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:13:07.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0 \u003c 21.0.2"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0 \u003c 20.3.15"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-next.0 \u003c 19.2.17"
},
{
"status": "affected",
"version": "\u003c= 18.2.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler\u0027s internal security schema is incomplete, allowing attackers to bypass Angular\u0027s built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:35:59.211Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"
},
{
"name": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"
}
],
"source": {
"advisory": "GHSA-v4hv-rgfq-gp49",
"discovery": "UNKNOWN"
},
"title": "Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66412",
"datePublished": "2025-12-01T22:35:59.211Z",
"dateReserved": "2025-11-28T23:33:56.366Z",
"dateUpdated": "2025-12-02T14:13:07.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66035 (GCVE-0-2025-66035)
Vulnerability from cvelistv5
Published
2025-11-26 22:18
Modified
2025-11-28 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T18:28:53.883453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T18:29:18.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "angular",
"vendor": "angular",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.0.0-next.0, \u003c 21.0.1"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-next.0, \u003c 20.3.14"
},
{
"status": "affected",
"version": "\u003c 19.2.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular\u0027s HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T22:18:35.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37"
},
{
"name": "https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f"
},
{
"name": "https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc"
},
{
"name": "https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e"
},
{
"name": "https://github.com/angular/angular/releases/tag/19.2.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/releases/tag/19.2.16"
},
{
"name": "https://github.com/angular/angular/releases/tag/20.3.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/releases/tag/20.3.14"
},
{
"name": "https://github.com/angular/angular/releases/tag/21.0.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/angular/angular/releases/tag/21.0.1"
}
],
"source": {
"advisory": "GHSA-58c5-g7wp-6w37",
"discovery": "UNKNOWN"
},
"title": "Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66035",
"datePublished": "2025-11-26T22:18:35.692Z",
"dateReserved": "2025-11-21T01:08:02.615Z",
"dateUpdated": "2025-11-28T18:29:18.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}