26 matches found
PT-2023-4755
Name of the Vulnerable Software and Affected Versions: angular versions 1.2.21 and later. Description: The issue is related to the angular.copy utility function, which uses an insecure regular expression. This can lead to a Regular Expression Denial of Service (ReDoS) via a large carefully-crafted...
Malicious code in bmw-angular-framework (npm)
Source: ghsa-malware 19187c7234d1b977a45a06fe7aba190ebe4b728a13f7cefa9b8b6fbf644bc99a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1633 Malicious code in bmw-angular-framework (npm)
Source: ghsa-malware 19187c7234d1b977a45a06fe7aba190ebe4b728a13f7cefa9b8b6fbf644bc99a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Scripting (XSS)
Overview: ngx-markdown-editor is an Angular markdown editor based on ace editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown editor. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious scri...
Cross site scripting
The SAP Commerce SmartEdit Extension, versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the Angular framework...
New Relic: CSTI at Plugin page leading to active stored XSS (Publisher name)
Hey team, I have discovered the CSTI vulnerability at the NR single Plugin page leading to stored XSS. To plant the payload you need to publish a new plugin using an account having the payload inside its name. Below I show you the easiest way to reproduce this using a Python script which creates the new...