MAL-2025-9140 Malicious code in @nstark/angular.js (npm)

The package @nstark/angular.js was found to contain malicious code...

Malicious code in @nstark/angular.js (npm)

The package @nstark/angular.js was found to contain malicious code...

K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118

Security Advisory Description CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...

K000141459: Angular JS vulnerabilities CVE-2019-14863 and CVE-2022-25869

Security Advisory Description CVE-2019-14863 There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. CVE-2022-2586...

F5 Networks BIG-IP : Angular JS vulnerabilities (K000141459)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the K000141459 advisory. CVE-2019-14863There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping t...

Security Bulletin: IBM MQ is affected by multiple Angular JS vulnerabilities.

Summary IBM MQ has resolved multiple Angular JS vulnerabilities CVE-2022-25844, CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2022-25869. Angular JS is used in Dashboard Web Console. Vulnerability Details CVEID:CVE-2022-25844 DESCRIPTION: Node.js Angular module is vulnerable to a denial of...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to the Angular JS (CVE-2023-26116, CVE-2023-26117, CVE-2023-26118)

Summary The Discovery Connectors in IBM App Connect Enterprise are vulnerable to a denial of service due to the Angular JS CVE-2023-26116, CVE-2023-26117, CVE-2023-26118. The fix removes Angular JS. Vulnerability Details CVEID:CVE-2023-26117 DESCRIPTION: AngularJS is vulnerable to a denial of...

PT-2018-6038 · Ag Grid +1 · Ag-Grid +1

Name of the Vulnerable Software and Affected Versions: ag-grid affected versions not specified Description: The issue concerns Cross-site Scripting XSS via Angular Expressions when ag-grid is used in combination with AngularJS. Recommendations: Avoid using ag-grid in combination with AngularJS...

WordPress: Stored self-XSS in mercantile.wordpress.org checkout

Hello Team, Summary after i read this 221893 report, i try to find more security issue there, and i was surprise i found an RCE Via Template Injection. Since on that report i see ng-bindable word, its possible the site also effect by RCE. Step To Reproduce 1. open https://mercantile.wordpress.org...

Rockstar Games: [IMP] - Blind XSS in the admin panel for reviewing comments

@anshumanbh discovered that it is possible to exploit a Blind XSS vulnerability under the "MOUTHOFF TO ROCKSTAR" section while providing feedback. The result is a XSS vulnerability being exploited on an internal Rockstar Games domain. The way this worked was that an attacker would submit a...

Angular JS template injection vulnerability analysis-vulnerability warning-the black bar safety net

Weekend Mining the vulnerabilities of the process, found an interestingXSS, is to use the Angular JS template to be injected, thereby executing the malicious code, The idea and technology is relatively novel. Angular JS is one of the more popular front end MVC frameworks, many cutting-edge sites...