{"id":"CVE-2021-4231","details":"A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.","aliases":["GHSA-c75v-2vq8-878f"],"modified":"2026-02-10T16:52:18.338829Z","published":"2022-05-26T14:15:07.953Z","related":["CGA-9x5w-x8wq-mxhq"],"references":[{"type":"ADVISORY","url":"https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09"},{"type":"ADVISORY","url":"https://github.com/angular/angular/issues/40136"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902"},{"type":"ADVISORY","url":"https://vuldb.com/?id.181356"},{"type":"FIX","url":"https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/angular/angular","events":[{"introduced":"0"},{"fixed":"ba8da742e3b243e8f43d4c63aa842b44e14f2b09"}]}],"versions":["10.0.0-next.0","10.0.0-next.1","10.0.0-next.2","10.0.0-next.3","10.0.0-next.4","10.0.0-next.5","10.0.0-next.6","10.0.0-next.7","10.0.0-next.8","10.0.0-next.9","10.0.0-rc.0","10.1.0","10.1.0-next.0","10.1.0-next.1","10.1.0-next.2","10.1.0-next.3","10.1.0-next.4","10.1.0-next.5","10.1.0-next.6","10.1.0-next.7","10.1.0-next.8","10.1.0-rc.0","10.1.1","10.1.2","10.1.3","10.1.4","10.1.5","10.1.6","10.2.0","10.2.1","10.2.2","10.2.3","10.2.4","2.0.0","2.0.0-alpha.13","2.0.0-alpha.14","2.0.0-alpha.15","2.0.0-alpha.17","2.0.0-alpha.18","2.0.0-alpha.19","2.0.0-alpha.20","2.0.0-alpha.21","2.0.0-alpha.22","2.0.0-alpha.23","2.0.0-alpha.24","2.0.0-alpha.25","2.0.0-alpha.26","2.0.0-alpha.27","2.0.0-alpha.28","2.0.0-alpha.29","2.0.0-alpha.30","2.0.0-alpha.31","2.0.0-alpha.32","2.0.0-alpha.33","2.0.0-alpha.34","2.0.0-alpha.35","2.0.0-alpha.40","2.0.0-alpha.41","2.0.0-alpha.42","2.0.0-alpha.44","2.0.0-alpha.47","2.0.0-alpha.48","2.0.0-alpha.49","2.0.0-alpha.50","2.0.0-alpha.51","2.0.0-alpha.52","2.0.0-alpha.53","2.0.0-alpha.54","2.0.0-alpha.55","2.0.0-beta.0","2.0.0-beta.11","2.0.0-beta.12","2.0.0-beta.13","2.0.0-beta.14","2.0.0-beta.16","2.0.0-beta.17","2.0.0-beta.6","2.0.0-beta.7","2.0.0-beta.8","2.0.0-rc.0","2.0.0-rc.1","2.0.0-rc.2","2.0.0-rc.3","2.0.0-rc.4","2.0.0-rc.5","2.0.0-rc.6","2.0.0-rc.7","2.1.0","2.1.0-beta.0","2.1.0-rc.0","2.2.0","2.2.0-beta.0","2.2.0-beta.1","2.2.0-rc.0","2.3.0","2.3.0-beta.0","2.3.0-rc.0","2.4.0-marker","4.0.0","4.0.0-beta.0","4.0.0-beta.1","4.0.0-beta.2","4.0.0-beta.3","4.0.0-beta.5","4.0.0-beta.6","4.0.0-beta.7","4.0.0-beta.8","4.0.0-rc.1","4.0.0-rc.2","4.0.0-rc.3","4.0.0-rc.4","4.0.0-rc.5","4.0.0-rc.6","4.1.0","4.1.0-beta.0","4.1.0-beta.1","4.1.0-rc.0","4.2.0-beta.0","4.2.0-rc.0","4.2.0-rc.1","4.2.0-rc.2","4.2.1","4.3.0","4.3.0-beta.0","4.3.0-beta.1","4.3.0-rc.0","5.0.0-beta.0","5.0.0-beta.1","5.0.0-beta.2","5.0.0-beta.3","5.0.0-beta.4","5.0.0-beta.5","5.0.0-beta.6","5.0.0-beta.7","5.0.0-rc.0","5.0.0-rc.1","5.0.0-rc.2","5.0.0-rc.3","5.0.0-rc.4","5.1.0","5.1.0-beta.0","5.1.0-beta.1","5.1.0-beta.2","5.1.0-rc.0","5.1.0-rc.1","5.2.0","5.2.0-beta.0","5.2.0-beta.1","5.2.0-rc.0","6.0.0-beta.0","6.0.0-beta.1","6.0.0-beta.2","6.0.0-beta.3","6.0.0-beta.4","6.0.0-beta.6","6.0.0-beta.7","6.0.0-beta.8","6.0.0-rc.0","6.0.0-rc.1","6.0.0-rc.2","6.0.0-rc.3","6.0.0-rc.4","6.0.0-rc.5","6.1.0","6.1.0-beta.0","6.1.0-beta.1","6.1.0-beta.2","6.1.0-beta.3","6.1.0-rc.3","7.0.0-beta.0","7.0.0-beta.1","7.0.0-beta.2","7.0.0-beta.3","7.0.0-beta.4","7.0.0-beta.5","7.0.0-beta.6","7.0.0-beta.7","7.0.0-rc.0","7.0.0-rc.1","7.1.0","7.1.0-beta.0","7.1.0-beta.1","7.1.0-beta.2","7.1.0-rc.0","7.2.0","7.2.0-beta.1","7.2.0-beta.2","7.2.0-rc.0","8.0.0-beta.0","8.0.0-beta.1","8.0.0-beta.10","8.0.0-beta.11","8.0.0-beta.12","8.0.0-beta.13","8.0.0-beta.14","8.0.0-beta.2","8.0.0-beta.3","8.0.0-beta.4","8.0.0-beta.5","8.0.0-beta.6","8.0.0-beta.7","8.0.0-beta.8","8.0.0-beta.9","8.0.0-rc.0","8.1.0-beta.0","8.1.0-next.1","8.1.0-next.2","8.1.0-next.3","8.1.0-rc.0","8.2.0-next.0","8.2.0-next.1","8.2.0-next.2","9.0.0-next.0","9.0.0-next.1","9.0.0-next.10","9.0.0-next.11","9.0.0-next.12","9.0.0-next.13","9.0.0-next.14","9.0.0-next.15","9.0.0-next.2","9.0.0-next.3","9.0.0-next.4","9.0.0-next.5","9.0.0-next.6","9.0.0-next.7","9.0.0-next.8","9.0.0-next.9","9.0.0-rc.0","9.0.0-rc.1","9.1.0-next.0","9.1.0-next.1","9.1.0-next.2","9.1.0-next.4","9.1.0-next.5","9.1.0-rc.0","ngcontainer_0.3.0","ngcontainer_0.3.1","ngcontainer_0.3.2","ngcontainer_0.3.3","ngcontainer_0.4.0","ngcontainer_0.5.0","patch_sync","zone.js-0.10.0","zone.js-0.10.1","zone.js-0.10.2","zone.js-0.10.3","zone.js-0.11.0","zone.js-0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4231.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}