Moderate severityGHSA Advisory· Published Jul 15, 2022· Updated Jul 28, 2025

CVE-2022-25869

Description

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
angularnpm	<= 1.8.3	—

Affected products

Npm/AngularGHSA
Range: <= 1.8.3
Package: https://www.npmjs.com/package/angular

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-prc3-vjfx-vhm9ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-25869ghsaADVISORY
glitch.com/edit/%23%21/angular-repro-textarea-xssghsaWEB
neverendingsupport.github.io/angularjs-poc-cve-2022-25869ghsaWEB
security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617ghsaWEB
security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031ghsaWEB
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783ghsaWEB
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784ghsaWEB
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782ghsaWEB
security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781ghsaWEB
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783ghsaWEB
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784ghsaWEB
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782ghsaWEB
snyk.io/vuln/SNYK-JS-ANGULAR-2949781ghsaWEB
www.npmjs.com/package/angularghsaPACKAGE

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000