Critical XSS, Client-Side Flaws in Angular & Cisco Web Services

This newsletter is AI generated and may hallucinate sometimes 😊

Critical XSS Vulnerability Discovered in Angular i18n Module

  • A critical Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-24905 with a CVSS score of 9.0, has been identified in the Angular i18n internationalization module.
  • This flaw permits arbitrary JavaScript execution via specially crafted messages, impacting web applications utilizing Angular versions 16 and 17.
  • Developers are urged to update their i18n module and sanitize all user-supplied content to mitigate risks like data theft and session hijacking.

Source: Cybersecurity News | Date: March 4, 2026

Cisco Secure Firewall VPN Web Services Cross-Site Scripting Vulnerability

  • A Cross-Site Scripting (XSS) vulnerability, CVE-2026-22442 (CVSS 3.1: 6.1 Medium), affects the VPN web services of Cisco Secure Firewall ASA and FTD software.
  • An unauthenticated, remote attacker can execute arbitrary script code in a user's browser due to insufficient validation of user-supplied input.
  • Cisco has released software updates to address this vulnerability, recommending users upgrade to the specified fixed software releases to prevent information theft or unauthorized actions.

Source: Cisco Security Advisory | Date: March 6, 2026

Cisco Secure Firewall VPN Web Services Client-Side Request Smuggling Vulnerability

  • A client-side request smuggling vulnerability, CVE-2026-22441 (CVSS 3.1: 5.3 Medium), is present in the VPN web services of Cisco Secure Firewall ASA and FTD software.
  • This flaw allows an unauthenticated, remote attacker to conduct client-side request smuggling attacks, potentially bypassing security policies.
  • Cisco advises applying available software updates to remediate the vulnerability and prevent malicious client-side manipulations.

Source: Cisco Security Advisory | Date: March 6, 2026

Cisco Webex Services Cross-Site Scripting Vulnerability

  • A Cross-Site Scripting (XSS) vulnerability, CVE-2026-22452 (CVSS 3.1: 6.1 Medium), has been discovered in Cisco Webex services.
  • This flaw enables an unauthenticated, remote attacker to execute arbitrary script code in the context of the affected application's interface by tricking a user into clicking a crafted link.
  • Cisco recommends applying updated software releases to secure Webex installations against potential session hijacking or data exposure.

Source: Cisco Security Advisory | Date: March 6, 2026

Cisco Secure Firewall SAML Reflected Cross-Site Scripting Vulnerability

  • A Reflected Cross-Site Scripting (XSS) vulnerability, CVE-2026-22443 (CVSS 3.1: 6.1 Medium), impacts the SAML authentication functionality of Cisco Secure Firewall ASA and FTD software.
  • An unauthenticated, remote attacker can inject arbitrary script code into a user's browser session by crafting a malicious URL.
  • Cisco has released software updates and urges customers to promptly upgrade their affected devices to prevent information disclosure or session hijacking.

Source: Cisco Security Advisory | Date: March 6, 2026

