Bug 2418155 (CVE-2025-66412) - CVE-2025-66412 angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
Summary: CVE-2025-66412 angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
Keywords:
Status: NEW
Alias: CVE-2025-66412
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2419587 2419589 2419590 2419591 2419592 2419593 2419594 2419595 2419596 2419597 2419598 2419599 2419600 2419601 2419602 2419603 2419604 2419605 2419606 2419612 2419613 2419614 2419615 2419608 2419609 2419610 2419611
Blocks:
Reported: 2025-12-01 23:01 UTC by OSIDB Bzimport
Modified: 2025-12-05 21:43 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-12-01 23:01:45 UTC
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
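To make the failure mode concrete, the following TypeScript is an added illustration and is not Angular's own code, schema or sanitizer. It models a schema-driven attribute sanitizer of the kind the description refers to: an "incomplete" schema that lists only HTML anchor and image attributes as URL contexts, beside a "hardened" schema that also classifies `href` and `xlink:href` on any element (the SVG `<animate>` element is used as the sample). The attribute names, the URL allow-list regex, the sample bindings and the `findUnsanitizedUrlBindings` audit helper are all assumptions made for this example; the `unsafe:` prefix mirrors the general convention of neutralising a rejected URL rather than dropping it, and the real attribute list in the fixed Angular releases is not on this page.

```typescript
// Added illustrative example (not Angular's own code): a schema-driven attribute
// sanitizer showing why every URL-holding attribute must be classified as a URL
// context. Attribute names and the allow-list below are assumptions for
// illustration, not the real Angular security schema.

enum SecurityContext {
  NONE = 'none', // value is written through unchanged
  URL = 'url',   // value must pass the URL sanitizer first
}

// A schema maps "tag|attr" (or "*|attr" for any tag) to a security context.
type SecuritySchema = Map<string, SecurityContext>;

// Constructed "incomplete" schema: HTML anchors and images are covered, but
// URL-holding attributes on SVG elements are not listed at all.
const incompleteSchema: SecuritySchema = new Map<string, SecurityContext>([
  ['a|href', SecurityContext.URL],
  ['img|src', SecurityContext.URL],
]);

// Constructed "hardened" schema: the same entries plus wildcard rules so that
// href / xlink:href on any element (including SVG <animate>) are URL contexts.
const hardenedSchema: SecuritySchema = new Map<string, SecurityContext>(incompleteSchema);
hardenedSchema.set('*|href', SecurityContext.URL);
hardenedSchema.set('*|xlink:href', SecurityContext.URL);

// Allow-list of schemes plus scheme-less (relative) URLs. Anything else,
// including javascript:, is rejected. (Own regex, written for this example.)
const SAFE_URL = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/i;

// Rejected values are prefixed with "unsafe:" so the browser cannot execute them.
function sanitizeUrl(value: string): string {
  const url = value.trim();
  return SAFE_URL.test(url) ? url : `unsafe:${url}`;
}

// Exact "tag|attr" wins over "*|attr"; attributes missing from the schema get NONE,
// which is exactly the gap an incomplete schema opens.
function lookupContext(schema: SecuritySchema, tag: string, attr: string): SecurityContext {
  return schema.get(`${tag}|${attr}`) ?? schema.get(`*|${attr}`) ?? SecurityContext.NONE;
}

// What a template compiler would emit for one attribute binding.
function renderAttribute(schema: SecuritySchema, tag: string, attr: string, value: string): string {
  return lookupContext(schema, tag, attr) === SecurityContext.URL ? sanitizeUrl(value) : value;
}

interface AttributeBinding { tag: string; attr: string; value: string; }

// Defender-side audit: which bindings carry a URL the sanitizer would reject,
// yet reach the DOM untouched because the schema does not classify them?
function findUnsanitizedUrlBindings(schema: SecuritySchema, bindings: AttributeBinding[]): AttributeBinding[] {
  return bindings.filter(b =>
    lookupContext(schema, b.tag, b.attr) === SecurityContext.NONE &&
    sanitizeUrl(b.value) !== b.value.trim());
}

// Constructed sample bindings, as they might appear in stored, user-supplied markup.
const sampleBindings: AttributeBinding[] = [
  { tag: 'a', attr: 'href', value: 'https://example.invalid/profile' },
  { tag: 'a', attr: 'href', value: 'javascript:runPayload()' },
  { tag: 'animate', attr: 'xlink:href', value: 'javascript:runPayload()' },
  { tag: 'div', attr: 'title', value: 'plain text, not a URL' },
];

const gaps = findUnsanitizedUrlBindings(incompleteSchema, sampleBindings);
console.log('incomplete schema leaves unsanitized:', gaps.map(b => `${b.tag}|${b.attr}`));
console.log('hardened schema leaves unsanitized:',
  findUnsanitizedUrlBindings(hardenedSchema, sampleBindings).length);
```

Under the incomplete schema the `a|href` binding is sanitized but the `animate|xlink:href` binding is written through verbatim, because the lookup falls back to `NONE`; the hardened schema's wildcard rules close that gap. The `findUnsanitizedUrlBindings` helper is the kind of check a code reviewer can run over a schema to confirm that every attribute a browser treats as a URL has a URL context, which is the property the fixed releases restore.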

