
312 matches found

CVE
added 2017/07/18 6:0 p.m. | 45 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can supply a valid AngularJS expression ({{ … }}) which will be evaluated by other authenticated users viewing the attacker’s display name. Affected versions are 5.0.0000 t...

CVSS 4.3 | AI score 4.5 | EPSS 0.0028
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/07/18 6:0 p.m. | 21 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces . This expression will be evaluated by any other authenticated user who views the...

AI score 4.6 | EPSS 0.0028
Exploits: 0 | References: 2

rapid7community
added 2017/05/31 9:5 p.m. | 70 views

How to Combine D3 with AngularJS

The Benefits and Challenges of D3 Angular Combination Today we'll be focusing on how to combine D3 with the AngularJS framework. As we all know, Angular and D3 frameworks are very popular, and once they work together they can be very powerful and helpful when creating dashboards. But, they can al...

AI score 6.7
Exploits: 0

Hacker One
added 2017/05/20 1:56 p.m. | 32 views

WordPress: [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection

Hi, By injecting a crafted AngularJS payload into the search endpoint on the WordPress Swag Store, it was possible to achieve reflected XSS further to resolved report 221893. I came across a potential exploitation vector after noticing that a search query for 22 returned 4 in the site title...

AI score 0.5
Exploits: 0

The Hacker News
added 2017/05/12 12:17 a.m. | 12 views

Learn How to Code: Get 10 Best Online Training Courses for Just $49

Struggling to learn how to code? If you’re looking to 'learn how to code' and seeking a career as an expert-level programmer, you should know how to play with codes and make your own. It's no secret that mastering a coding language or two can put you at the top of the job market – thanks to the...

AI score 7.1
Exploits: 0

Hacker One
added 2017/04/18 1:40 p.m. | 38 views

WordPress: XSS in the search bar of mercantile.wordpress.org

Hi wordpress! Glad to see you here at H1. I found a XSS issue in the https://mercantile.wordpress.org/s= This works with the angular js payloads. I did inject a angular js code its because I found the ng-bindable in the source. STEPS TO REPRODUCE 1. Go to https://mercantile.wordpress.org 2. Click...

AI score 6.2
Exploits: 0

myhack58
added 2017/04/17 12:0 a.m. | 413 views

How BurpSuite detection of Blind XSS vulnerabilities-vulnerability warning-the black bar safety net

Last weekend, I participated in a French hack of the Year competition “Nuit du Hack 2017” the qualification heats, at the time I managed to get the game in all the Web security challenges, and one person alone had a team in the Web challenges of all the scores, and I use the tool only BurpSuite...

AI score 7
Exploits: 0

Node.js
added 2017/03/15 6:46 p.m. | 58 views

XSS via Angular Expression

Overview Affected versions of ag-grid are vulnerable to Cross-site Scripting XSS via Angular Expressions, if used in combination with AngularJS. Recommendation Avoid using ag-grid in combination with AngularJS until a fix is available. References - Issue 1287 -...

CVSS 4.3 | AI score 2.8 | EPSS 0.00491
Exploits: 1 | Affected Software: 1

Snyk
added 2017/02/10 10:11 a.m. | 2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to $sanitize in sanitizer being unable to traverse the HTML because one or more of the elements in the HTML have been "clobbered". This could be a sign that the payload contains code attempting to cause a DoS...

CVSS 5.3 | AI score 7
Exploits: 0 | References: 2

n0where
added 2016/11/08 3:8 a.m. | 77 views

Free Open Source Scalable Incident Response Platform: The Hive

Free Open Source Scalable Incident Response Platform TheHive is a scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. TheHi...

AI score 6.8
Exploits: 0 | References: 7

Snyk
added 2016/10/31 10:0 p.m. | 3 views

Content Security Policy (CSP) Bypass

Overview Affected versions of this package are vulnerable to Content Security Policy CSP Bypass. Extension URIs resource://... bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an...

CVSS 6.5 | AI score 6.2
Exploits: 0 | References: 2

NVD
added 2016/09/18 2:59 a.m. | 17 views

CVE-2016-0926

Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...

CVSS 6.1 | AI score 6.1 | EPSS 0.00315
Exploits: 0 | References: 2

Prion
added 2016/09/18 2:59 a.m. | 11 views

Cross site scripting

Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...

CVSS 4.3 | AI score 6.2 | EPSS 0.00315
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2016/09/18 1:0 a.m. | 21 views

CVE-2016-0926

Cross-site scripting XSS vulnerability in Apps Manager in Pivotal Cloud Foundry PCF Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework...

AI score 6.1 | EPSS 0.00315
Exploits: 0 | References: 2

CVE
added 2016/09/18 1:0 a.m. | 41 views

CVE-2016-0926

CVE-2016-0926 is a cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Elastic Runtime's Apps Manager. The flaw affects Elastic Runtime versions prior to 1.6.32 and prior to 1.7.8 for the 1.7.x line, where untrusted input that interacts with the AngularJS framework can be re...

CVSS 6.1 | AI score 6 | EPSS 0.00315
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2016/07/12 7:59 p.m. | 3 views

DEBIAN-CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVSS 5.4 | AI score 5.8 | EPSS 0.00553
Exploits: 0 | References: 1

NVD
added 2016/07/12 7:59 p.m. | 18 views

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVSS 5.4 | AI score 5.1 | EPSS 0.00553
Exploits: 0 | References: 12

OSV
added 2016/07/12 7:59 p.m. | 9 views

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVSS 5.4 | AI score 5
Exploits: 0 | References: 12

Prion
added 2016/07/12 7:59 p.m. | 17 views

Cross site scripting

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVSS 3.5 | AI score 5.6 | EPSS 0.00553
Exploits: 0 | References: 12 | Affected Software: 3

Debian CVE
added 2016/07/12 7:0 p.m. | 19 views

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVSS 5.4 | AI score 5.8 | EPSS 0.00553
Exploits: 0