Back

CVE-2024-33665

April 26, 2024, 12:58 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

angular-translate

  • up to 2.19.1

angular-translate

  • through 2.19.1

Source

cve@mitre.org

Tags

CVE-2024-33665 details

Published : April 26, 2024, 1:15 a.m.
Last Modified : April 26, 2024, 12:58 p.m.

Description

angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
http://docs.herodevs.com/docs/2024-Angular-Translate-XSS cve@mitre.org
https://github.com/angular-translate/angular-translate/issues/1418 cve@mitre.org
https://github.com/angular-translate/angular-translate/issues/1418#issuecomment-252498855 cve@mitre.org
https://stackblitz.com/github/neverendingsupport/angular-translate-xss-2024?file=public%2Findex.html cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.