CVE-2022-25869

Name: CVE-2022-25869
Creator: NVD / NIST
Published: 2022-07-15T20:15:08.487+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 5.28%

Last modified Jun 17, 2026

CVE-2022-25869 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.. EPSS estimates a 5.28% chance of exploitation in the next 30 days.

Description

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

5.28%

91.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Angularjs	Angularjs	All versions

References

https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869
https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617
https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782
https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
https://glitch.com/edit/%23%21/angular-repro-textarea-xssBroken Link
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781Exploit, Third Party Advisory

Timeline

Published: Jul 15, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-25869?

How severe is CVE-2022-25869?

CVE-2022-25869 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 5.28% probability of exploitation in the next 30 days.

How do I fix CVE-2022-25869?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-25869?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST