CVE-2019-14863

Description

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

CVSS Version 3.1
CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2019-14863
Base Score: 6.1
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8

redhat
CVE ID: CVE-2019-14863
Base Score: 7.1
Base Severity: HIGH
Vector String:CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

nvd
CVE ID: CVE-2019-14863
Base Score: 4.3
Base Severity: MEDIUM
Vector String:AV:N/AC:M/Au:N/C:N/I:P/A:N

Refrence: NVD MITRE

Description​

Description