Description
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.86)
WordPress Plugin WordPress Poll Multiple Unspecified Vulnerabilities (35.0)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7572)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4097)
Kong Server Incorrect Authorization Vulnerability (CVE-2021-27306)