{
  "threat_severity" : "Important",
  "public_date" : "2019-10-15T00:00:00Z",
  "bugzilla" : {
    "description" : "angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes",
    "id" : "1763589",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1763589"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.", "A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitization of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Decision Manager 7",
    "release_date" : "2019-12-03T00:00:00Z",
    "advisory" : "RHSA-2019:4069",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7.5",
    "package" : "angular"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "release_date" : "2019-12-03T00:00:00Z",
    "advisory" : "RHSA-2019:4071",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.5",
    "package" : "angular"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14863\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14863\nhttps://snyk.io/vuln/npm:angular:20150807" ],
  "name" : "CVE-2019-14863",
  "csaw" : false
}