Vulnerability Description
angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.
CVSS Score
6.1 (MEDIUM)
Related Weaknesses (CWE)
References
- http://docs.herodevs.com/docs/2024-Angular-Translate-XSS
- https://github.com/angular-translate/angular-translate/issues/1418
- https://github.com/angular-translate/angular-translate/issues/1418#issuecomment-
- https://stackblitz.com/github/neverendingsupport/angular-translate-xss-2024?file
FAQ
What is CVE-2024-33665?
CVE-2024-33665 is a vulnerability with a CVSS score of 6.1 (MEDIUM). angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be...
How severe is CVE-2024-33665?
CVE-2024-33665 has been rated MEDIUM, with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-33665?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.