SB2024101619 - Cross-site scripting in angular-translate angular-translate
Published: October 16, 2024
Security Bulletin ID
SB2024101619
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Cross-site scripting (CVE-ID: CVE-2024-33665)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker could exploit this vulnerability using a specially crafted key to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Remediation
Install update from vendor's website.
References
- https://github.com/angular-translate/angular-translate/issues/1418
- https://stackblitz.com/github/neverendingsupport/angular-translate-xss-2024?file=public%2Findex.html
- http://docs.herodevs.com/docs/2024-Angular-Translate-XSS
- https://github.com/angular-translate/angular-translate/issues/1418#issuecomment-252498855