29 matches found
PT-2024-38978
Name of the Vulnerable Software and Affected Versions: AngularJS versions all Description: The issue is related to improper sanitization of the value of the srcset attribute in HTML elements in AngularJS, allowing attackers to bypass common image source restrictions. This can also lead to a form ...
PT-2024-38977
Name of the Vulnerable Software and Affected Versions: AngularJS versions 1.3.0-rc.4 and greater Description: The issue is due to improper sanitization of the value of the srcset attribute in AngularJS, allowing attackers to bypass common image source restrictions. This can lead to a form of...
AngularJS < 1.8.0 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.8.0. Therefore, it may be affected by a a Cross-Site Scripting XSS vulnerability through the wrapping of elements in ones. Note that the scanner has not tested for these issues but has instead relied only on the application's...
UBUNTU-CVE-2020-7676
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
DEBIAN-CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...
Arbitrary Script Injection
Overview Affected versions of this package are vulnerable to Arbitrary Script Injection. Attributes were not protected via $sce, which prevents interpolated values that fail the RESOURCEURL context tests from being used in interpolation. For example if the application is running at...
Unsafe Object Deserialization
Overview Affected versions of this package are vulnerable to Unsafe Object Deserialization. POC The exploitable code: js hasOwnProperty.constructor.prototype.valueOf = valueOf.call; "a", "alert1".sorthasOwnProperty.constructor; The exploit: - 1. Array.sort takes a comparison function and passes i...
Protection Bypass
Overview Affected versions of this package are vulnerable to Protection Bypass via ng-attr-action and ng-attr-srcdoc allowing binding to Javascript. The fix was to require bindings to formaction to be $sce.RESOURCEURL and bindings to iframesrcdoc to be $sce.HTML Remediation Upgrade angularjs to...
Arbitrary Script Injection
Overview Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse. Remediation Upgrade angularjs to version 1.1.5 or higher...