Lucene search

5 matches found

RedhatCVE
added 2025/12/05 5:24 p.m. | 6 views

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVSS: 8.5 | AI score: 5.7 | EPSS: 0.00027
Exploits: 1 | References: 5

CVE
added 2025/12/01 10:35 p.m. | 61 views

CVE-2025-66412

CVE-2025-66412 concerns Angular’s Template Compiler, where a stored XSS could occur due to an incomplete security schema that fails to classify certain URL-holding attributes (e.g., javascript: URLs) as requiring strict URL security. The vulnerability allows injection of malicious scripts and is ...

CVSS: 8.5 | AI score: 5.3 | EPSS: 0.00027
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2025/02/24 7:50 p.m. | 82 views

CVE-2025-26528

CVE-2025-26528 relates to Moodle’s drag-and-drop onto image (ddimageortext) question type. Multiple connected sources confirm a stored XSS risk that required additional sanitizing in this question type. The CVE description notes the need for sanitization to prevent stored XSS, and OSV/GHSA entrie...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00706
Exploits: 0 | References: 2 | Affected Software: 1

Atlassian
added 2011/06/14 10:6 p.m. | 15 views

Implement security sanitization of RSS feeds and other included content

A great improvement for RSS macros would be to implement "cleansing" or "sanitization" of external RSS feeds. This may be something that is configured at the admin level or in the macro level -- I'd prefer it to be a global admin requirement. Having externally linked content is a security risk, a...

AI score: 0.4
Exploits: 0 | Affected Software: 1

Atlassian
added 2011/06/14 10:6 p.m. | 14 views

Implement security sanitization of RSS feeds and other included content

A great improvement for RSS macros would be to implement "cleansing" or "sanitization" of external RSS feeds. This may be something that is configured at the admin level or in the macro level -- I'd prefer it to be a global admin requirement. Having externally linked content is a security risk, a...

AI score: 0.4
Exploits: 0 | Affected Software: 1