Vulnerability DatabaseWS-2017-0116
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2017-0116
Published:May 13, 2026
Updated:May 13, 2026
The use element can reference external svg's (same origin) and can include xlink javascript urls or foreign object that can execute xss.
Affected Packages
angular (BOWER):
Affected version(s) =v1.3.20 <v1.3.21-build.153+sha.a9ecde1
Fix Suggestion:
Update to version v1.3.21-build.153+sha.a9ecde1
angular (BOWER):
Affected version(s) =v1.4.14 <v1.5.0-beta.0
Fix Suggestion:
Update to version v1.5.0-beta.0
angular (BOWER):
Affected version(s) =v1.2.16 <v1.2.17-build.100+sha.feb54d6
Fix Suggestion:
Update to version v1.2.17-build.100+sha.feb54d6
angular (BOWER):
Affected version(s) =v1.4.6 <v1.4.7-build.4242+sha.4dd10fd
Fix Suggestion:
Update to version v1.4.7-build.4242+sha.4dd10fd
angular (BOWER):
Affected version(s) =v1.4.5 <v1.4.6-build.4194+sha.170cd96
Fix Suggestion:
Update to version v1.4.6-build.4194+sha.170cd96
angular (BOWER):
Affected version(s) =v1.4.10 <v1.4.11
Fix Suggestion:
Update to version v1.4.11
angular (BOWER):
Affected version(s) =v1.3.15 <v1.3.16-build.100+sha.d5c99ea
Fix Suggestion:
Update to version v1.3.16-build.100+sha.d5c99ea
angular (BOWER):
Affected version(s) =v1.3.17 <v1.3.18-build.129+sha.8bd59a5
Fix Suggestion:
Update to version v1.3.18-build.129+sha.8bd59a5
angular (BOWER):
Affected version(s) >=v1.2.31 <v1.3.0-beta.1
Fix Suggestion:
Update to version v1.3.0-beta.1
angular (BOWER):
Affected version(s) =v1.2.26 <v1.2.27-build.491+sha.07d6242
Fix Suggestion:
Update to version v1.2.27-build.491+sha.07d6242
angular (BOWER):
Affected version(s) =v1.0.8 <v1.2.0-rc.1
Fix Suggestion:
Update to version v1.2.0-rc.1
angular (BOWER):
Affected version(s) =v1.4.3 <v1.4.4-build.4102+sha.528ceda
Fix Suggestion:
Update to version v1.4.4-build.4102+sha.528ceda
angular (BOWER):
Affected version(s) =v1.2.29 <v1.2.30-build.604+sha.34e5623
Fix Suggestion:
Update to version v1.2.30-build.604+sha.34e5623
angular (BOWER):
Affected version(s) =v1.3.9 <v1.3.10-build.17+sha.bf55d76
Fix Suggestion:
Update to version v1.3.10-build.17+sha.bf55d76
angular (BOWER):
Affected version(s) =v1.4.8 <v1.4.9-build.1+sha.7882c1c
Fix Suggestion:
Update to version v1.4.9-build.1+sha.7882c1c
angular (BOWER):
Affected version(s) =v1.0.6 <v1.0.7
Fix Suggestion:
Update to version v1.0.7
angular (BOWER):
Affected version(s) =v1.3.2 <v1.3.3-build.3534+sha.b6fd184
Fix Suggestion:
Update to version v1.3.3-build.3534+sha.b6fd184
angular (NPM):
Affected version(s) >=0.0.1-1 <1.5.0
Fix Suggestion:
Update to version 1.5.0
rota.spa (NUGET):
Affected version(s) >=1.0.0 <=1.5.6
Fix Suggestion:
Update to version no_fix
aspspasilo-gh (NUGET):
Affected version(s) >=1.2.0 <=1.2.2
Fix Suggestion:
Update to version no_fix
crash.diagnoser (NUGET):
Affected version(s) =1.3.0.1
Fix Suggestion:
Update to version no_fix
angularjstypescriptbase (NUGET):
Affected version(s) =1.0.0
Fix Suggestion:
Update to version no_fix
westwind.globalization.web (NUGET):
Affected version(s) =2.2.0 <2.2.1
Fix Suggestion:
Update to version 2.2.1
angularjs.sanitize (NUGET):
Affected version(s) >=1.4.1 <1.5.0
Fix Suggestion:
Update to version 1.5.0
fion.modelerp.core (NUGET):
Affected version(s) >=1.0.0 <1.0.344
Fix Suggestion:
Update to version 1.0.344
angularjs (NUGET):
Affected version(s) >=1.4.0 <1.5.0
Fix Suggestion:
Update to version 1.5.0
consorzimvc (NUGET):
Affected version(s) =2.0.0
Fix Suggestion:
Update to version no_fix
bike.net.modules.angular (NUGET):
Affected version(s) =0.0.0.8-alfa
Fix Suggestion:
Update to version no_fix
vs2015.taco.angularoncordova.bootstrap (NUGET):
Affected version(s) =1.0.0 <1.0.1
Fix Suggestion:
Update to version 1.0.1
crashdiag (NUGET):
Affected version(s) >=1.3.0.1 <=1.3.0.3
Fix Suggestion:
Update to version no_fix
westwind.globalization.web (NUGET):
Affected version(s) =2.0.60 <2.0.61
Fix Suggestion:
Update to version 2.0.61
mpl/matomo (PHP):
Affected version(s) >=3.0.0 <3.1.1
Fix Suggestion:
Update to version 3.1.1
chaplean/cms-bundle (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/Resources/public/libs/bootstrap-sass-official/ejs-2.7.1 <=v8.0.3
Fix Suggestion:
Update to version no_fix
victoire/victoire (PHP):
Affected version(s) =dev-remove-swiftmailer-dependancy <dev-dependabot/npm_and_yarn/Bundle/UIBundle/Resources/config/marked-0.3.19
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/Bundle/UIBundle/Resources/config/marked-0.3.19
tortuvshin/bella.mn (PHP):
Affected version(s) >=dev-core <v1.0.0
Fix Suggestion:
Update to version v1.0.0
betteryourweb/laravel-custom (PHP):
Affected version(s) =dev-dev-master <dev-develop
Fix Suggestion:
Update to version dev-develop
sunra/angularjs-symfony2-bundle (PHP):
Affected version(s) >=dev-master <=v1.5.5
Fix Suggestion:
Update to version no_fix
nehakadam/calenstyle (PHP):
Affected version(s) =2.0.7
Fix Suggestion:
Update to version no_fix
innova/angular-js-bundle (PHP):
Affected version(s) =dev-master <1.0
Fix Suggestion:
Update to version 1.0
clh021/yii2-wechat_ionic1 (PHP):
Affected version(s) >=dev-master <=0.0.1
Fix Suggestion:
Update to version no_fix
victoire/victoire (PHP):
Affected version(s) =dev-fix/translation <dev-master
Fix Suggestion:
Update to version dev-master
boson/portal-bundle (PHP):
Affected version(s) =dev-b2.7
Fix Suggestion:
Update to version no_fix
victoire/victoire (PHP):
Affected version(s) =2.2.x-dev <2.2.1
Fix Suggestion:
Update to version 2.2.1
vjcspy/izadmin (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
matomo/matomo (PHP):
Affected version(s) >=3.0.1 <3.1.1
Fix Suggestion:
Update to version 3.1.1
titan-framework/sample-travel (PHP):
Affected version(s) >=dev-master <=1.16.09-p5
Fix Suggestion:
Update to version no_fix
piwik/piwik (PHP):
Affected version(s) >=3.0.1 <3.1.1
Fix Suggestion:
Update to version 3.1.1
innova/angular-js-bundle (PHP):
Affected version(s) =5.1.0
Fix Suggestion:
Update to version no_fix
chaplean/cms-bundle (PHP):
Affected version(s) >=dev-dev <v1.0.0
Fix Suggestion:
Update to version v1.0.0
innova/angularjs (PHP):
Affected version(s) =dev-master <1.0
Fix Suggestion:
Update to version 1.0
betteryourweb/laravel-custom (PHP):
Affected version(s) =dev-master <v3.0.0-beta-2
Fix Suggestion:
Update to version v3.0.0-beta-2
claroline/front-end-bundle (PHP):
Affected version(s) =dev-master <dev-update_daterangepicker
Fix Suggestion:
Update to version dev-update_daterangepicker
claroline/front-end-bundle (PHP):
Affected version(s) =dev-7.x-test <7.0.1
Fix Suggestion:
Update to version 7.0.1
Related Resources (2)
https://github.com/angular/angular.js/commit/7a668cdd7d08a7016883eb3c671cbcd586223ae8
https://github.com/angular/angular.js/pull/13453
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE