312 matches found

IBM Security Bulletins
added 2021/08/16 3:43 p.m. | 38 views

Security Bulletin: Multiple vulnerabilities in AngularJS

Summary IBM has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web pa...

7.5 CVSS | 1 AI score | 0.00563 EPSS
Exploits 1 | Affected Software 3

IBM Security Bulletins
added 2021/08/13 10:11 p.m. | 30 views

Security Bulletin: IBM MQ Appliance is affected by multiple AngularJS vulnerabilities

Summary IBM MQ Appliance has resolved multiple AngularJS vulnerabilities. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject...

7.5 CVSS | 0.6 AI score | 0.00563 EPSS
Exploits 1 | Affected Software 1

Hacker One
added 2021/07/16 12:29 p.m. | 22 views

Acronis: Self-DoS due to template injection via email field in password reset form on access.acronis.com

Summary Hi Acronis security team, how are you? I hope everyone is OK on the other side of the screen. I found Template Injection in https://access.acronis.com/resetpassword/new via the mail input. Steps To Reproduce: 1. Open https://access.acronis.com/resetpassword/new and Enter the mail Payloa...

7.4 AI score
Exploits 0

IBM Security Bulletins
added 2021/05/25 5:34 p.m. | 61 views

Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS

Summary Multiple vulnerabilities have been found in jQuery, Bootstrap and AngularJS libraries that are used by IBM License Key Server LKS Administration and Reporting Tool ART. Mitigations have been identified and a fix has been published. Vulnerability Details CVEID: CVE-2019-14863 DESCRIPTION:...

7.1 CVSS | 0.4 AI score | 0.34098 EPSS
Exploits 16 | Affected Software 1

NVD
added 2021/05/14 6:15 p.m. | 11 views

CVE-2021-32816

ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced...

7.5 CVSS | 0.00285 EPSS
Exploits 1 | References 2

Prion
added 2021/05/14 6:15 p.m. | 15 views

Code injection

ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced...

5 CVSS | 7.6 AI score | 0.00285 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2021/05/14 5:35 p.m. | 40 views

CVE-2021-32816

ProtonMail Web Client (AngularJS) before v3.16.60 is affected by a regular expression denial-of-service vulnerability. The issue stems from the regex handling in the Web Client and can be triggered client-side, leading to resource exhaustion. It has been fixed in commit 6687fb. A full report is a...

7.5 CVSS | 7 AI score | 0.00285 EPSS
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2021/05/14 12:0 a.m. | 3 views

AngularJS ProtonMail Web Client Resource Management Error Vulnerability

AngularJS is an open source web application framework based on TypeScript. ProtonMail Web Client is an AngularJS web client. AngularJS ProtonMail Web Client is vulnerable to a resource management error vulnerability that stems from the presence of a regular expression denial of service vulnerabili...

7.5 CVSS | 7.3 AI score | 0.00285 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2021/02/11 12:0 a.m. | 251 views

AngularJS < 1.8.0 Cross-Site Scripting

According to its self-reported version number, AngularJS is prior to 1.8.0. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability through the wrapping of elements in ones. Note that the scanner has not tested for these issues but has instead relied only on the application's...

5.4 CVSS | 5.5 AI score | 0.00563 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/02/11 12:0 a.m. | 157 views

AngularJS < 1.7.9 Prototype Pollution

According to its self-reported version number, AngularJS is prior to 1.7.9. Therefore, it may be affected by a prototype pollution vulnerability through merge function. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

7.5 CVSS | 7.2 AI score | 0.00411 EPSS
Exploits 1 | References 2

RedHat Linux
added 2021/02/04 1:36 p.m. | 4 views

AngularJS: Prototype pollution in merge function could result in code injection

A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...

7.5 CVSS | 7.1 AI score | 0.00411 EPSS
Exploits 1 | References 5

Hacker One
added 2020/12/28 5:24 a.m. | 17 views

U.S. Dept Of Defense: Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site

Summary: A publicly accessible endpoint at PUT https://████████does not validate any of its four parameters: to, from, subject, text. This enables sending email to any address, with any content, with any from address, on a server that is in ██████whitelist. Such services include, but are not...

7.3 AI score
Exploits 0

RedHat Linux
added 2020/12/16 12:11 p.m. | 1 views

AngularJS: Prototype pollution in merge function could result in code injection

A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...

7.5 CVSS | 7.1 AI score | 0.00411 EPSS
Exploits 1 | References 5

IBM Security Bulletins
added 2020/09/02 4:17 a.m. | 13 views

Security Bulletin: Multiple vulnerabilities in AngularJS and jQuery affect IBM Spectrum LSF Simulator

Summary There are multiple vulnerabilities in AngularJS and jQuery used by IBM Spectrum LSF Simulator. IBM Spectrum LSF Simulator has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

1.4 AI score
Exploits 0 | Affected Software 1

OSV
added 2020/09/01 4:40 p.m. | 29 views

GHSA-WFW3-RGFR-6G67 XSS via Angular Expression in ag-grid

Affected versions of ag-grid are vulnerable to Cross-site Scripting XSS via Angular Expressions, if used in combination with AngularJS. Recommendation Avoid using ag-grid in combination with AngularJS until a fix is available...

6.1 CVSS | 5.9 AI score | 0.00491 EPSS
Exploits 1 | References 4

Github Security Blog
added 2020/09/01 4:40 p.m. | 91 views

XSS via Angular Expression in ag-grid

Affected versions of ag-grid are vulnerable to Cross-site Scripting XSS via Angular Expressions, if used in combination with AngularJS. Recommendation Avoid using ag-grid in combination with AngularJS until a fix is available...

6.1 CVSS | 4.2 AI score | 0.00491 EPSS
Exploits 1 | References 4 | Affected Software 1

Hacker One
added 2020/08/09 7:21 a.m. | 139 views

BugPoC: Solution for XSS challenge calc.buggywebsite.com

Summary: http://calc.buggywebsite.com/ is an angular site designed as a calculator. After observing the source code, there is iframe frame.html with functionality of displaying the data of postmessage in the webpage. window.addEventListener("message", receiveMessage, false); function...

Exploits 0

OSV
added 2020/08/05 9:47 p.m. | 13 views

GHSA-5CP4-XMRW-59WF XSS via JQLite DOM manipulation functions in AngularJS

Summary XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. Description JQLite DOM manipulation library...

5 CVSS | 5.9 AI score
Exploits 0 | References 7

Github Security Blog
added 2020/08/05 9:47 p.m. | 494 views

XSS via JQLite DOM manipulation functions in AngularJS

Summary XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. Description JQLite DOM manipulation library...

5.9 AI score
Exploits 0 | References 7 | Affected Software 1

Snyk
added 2020/06/11 3:21 p.m. | 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith,...

8.7 CVSS | 5.4 AI score
Exploits 0 | References 2