Description
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2013-1538 Vulnerability (CVE-2013-1538)
Oracle JRE CVE-2023-21967 Vulnerability (CVE-2023-21967)
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003049)
WordPress Plugin Smart Email Alerts Cross-Site Scripting (1.0.10)
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)