angularjs angular-js CVE-2019-14863 vulnerability in AngularJS and Other Products
Published on January 2, 2020

product logo product logo product logo
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

NVD

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2019-14863 has been classified to as a XSS vulnerability or weakness.


Products Associated with CVE-2019-14863

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-14863 are published in these products:

AngularJS
 
Red Hat Decision Manager
 
Red Hat Process Automation
 
Canonical Ubuntu Linux
 

Affected Versions

Red Hat angular: Version all angular versions before 1.5.0-beta.0 is affected by CVE-2019-14863

Exploit Probability

EPSS
0.10%
Percentile
26.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.