Cross-site Scripting (XSS)
CVE-2022-25869

4.2MEDIUM

Key Information:

Vendor: Angularjs
Status: Angular; Org.webjars.npm:angular; Org.webjars.bower:angular; Org.webjars.bowergithub.angular:angular
Vendor: CVE Published:; 15 July 2022

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-25869?

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

angular 0

angularjs 0

AngularJS.Core 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

angularjs-poc-cve-2022-25869
Created by gkalpak

References

https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-294...

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2...

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 1, 2025
👾
Exploit known to exist
Jul 1, 2025
Vulnerability published
Jul 15, 2022
Vulnerability Reserved
Feb 24, 2022

Credit

Michael Prentice

JSON

Angularjs