Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/22 3:38 p.m.43 views

CVE-2026-50556 Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:38 p.m.18 views

CVE-2026-50556

Summary: CVE-2026-50556 affects Angular SSR via @angular/platform-server using domino for DOM emulation. The serializer omits escaping, allowing bound dynamic text inside to produce an unescaped closing tag that can inject a [removed] and cause same-origin XSS under SSR. What is affected: Angul...

8.6CVSS5.9AI score0.00239EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 3:38 p.m.5 views

CVE-2026-50556 Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.9AI score0.00239EPSS
Exploits0References3
OSV
OSV
added 2021/02/26 2:15 a.m.9 views

UBUNTU-CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

6.1CVSS6.8AI score0.00753EPSS
Exploits0References6
Rows per page
Query Builder