CVE-2021-32854

MEDIUM

textangular < 1.5.16 - Cross-Site Scripting via Copy-Paste

Title source: llm

Description

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://securitylab.github.com/advisories/GHSL-2021-1001-textAngular/

Scores

CVSS v3 6.1

EPSS 0.0010

EPSS Percentile 27.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

npm/textangular 0npm

textangular/textangular < 1.5.16

Published Feb 21, 2023

Tracked Since Feb 18, 2026