312 matches found

RedhatCVE
added 2025/04/28 2:59 p.m., 8 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.8, AI score 4.9, EPSS 0.00015
Exploits 1, References 4
Tenable Nessus
added 2025/03/27 12:0 a.m., 8 views

F5 Networks BIG-IP : AngularJS XSS vulnerability (K32412075)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K32412075 advisory. angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code...

CVSS 5.4, AI score 5.6, EPSS 0.00563
Exploits 0, References 2
Packet Storm
added 2025/03/14 12:0 a.m., 269 views

Loaded Commerce 6.6 Client-Side Template Injection

Loaded Commerce version 6.6 suffers from a client-side template injection vulnerability. Exploit Title: Loaded Commerce 6.6 Client-Side Template Injection CSTI AngularJS Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on:...

AI score 7.7
Exploits 0
BDU FSTEC
added 2025/03/05 12:0 a.m., 1 view

The vulnerability of the AngularJS JavaScript framework for developing single-page applications stems from improper checking of input data’s security equivalence. This allows attackers to circumvent existing security restrictions and perform spear-phishing attacks.

The vulnerability of the AngularJS JavaScript framework for developing single-page applications is related to improper checking of unsafe equivalence of input data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

CVSS 4.8, AI score 7.4, EPSS 0.00015
Exploits 1, References 4, Affected Software 1
BDU FSTEC
added 2025/03/05 12:0 a.m., 1 view

The vulnerability of the AngularJS JavaScript framework for developing single-page applications lies in its incomplete filtering of special elements. This allows attackers to bypass existing security restrictions and perform spear-phishing attacks.

The vulnerability of the AngularJS framework for developing single-page applications is related to incomplete filtering of special elements. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and perform spear-phishing attacks...

CVSS 4.8, AI score 7, EPSS 0.00013
Exploits 1, References 4, Affected Software 1
F5 Networks
added 2024/10/15 11:13 p.m., 26 views

K000141463: Angular JS vulnerabilities CVE-2019-10768 and CVE-2023-26116

Security Advisory Description. CVE-2019-10768: In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. CVE-2023-26116: Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Servi...

CVSS 7.5, AI score 7.1, EPSS 0.00411
Exploits 2, Affected Software 12
Tenable Nessus
added 2024/10/15 12:0 a.m., 33 views

F5 Networks BIG-IP : Angular JS vulnerabilities (K000141463)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the K000141463 advisory. CVE-2019-10768: In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying...

CVSS 7.5, AI score 6.7, EPSS 0.00411
Exploits 2, References 3
IBM Security Bulletins
added 2024/09/24 5:5 a.m., 32 views

Security Bulletin: Vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, Linux kernel might affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, AngularJS, Golang Go, libcURL, PostgreSQL, and Linux. Vulnerabilities include obtaining sensitive information, causing denial of service condition, heap-based buffer overflow, bypassing of security restrictions,...

CVSS 9.8, AI score 10, EPSS 0.2625
Exploits 6, Affected Software 1
Snyk
added 2024/09/09 3:40 p.m., 1 view

Improper Validation of Unsafe Equivalence in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacker can manipulate the content presented to other users by setting a srcset value...

CVSS 6.3, AI score 6.8, EPSS 0.00015
Exploits 1, References 2
Snyk
added 2024/09/09 3:40 p.m., 2 views

Improper Validation of Unsafe Equivalence in Input

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacke...

CVSS 6.3, AI score 6.8, EPSS 0.00015
Exploits 1, References 2
Snyk
added 2024/09/09 3:39 p.m., 1 view

Incomplete Filtering of Special Elements

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements. The srcset attribute in an HTML element can be a vector for content spoofing. An attacker can manipulate the conten...

CVSS 6.3, AI score 6.7, EPSS 0.00013
Exploits 1, References 2
Snyk
added 2024/09/09 3:39 p.m., 1 view

Incomplete Filtering of Special Elements

Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements. The srcset attribute in an HTML element can be a vector for content spoofing. An attacker can manipulate the content presented to other users by interpolating a srcset value directly that doesn'...

CVSS 6.3, AI score 6.7, EPSS 0.00013
Exploits 1, References 2
Github Security Blog
added 2024/09/09 3:30 p.m., 25 views

AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

CVSS 4.8, AI score 6.5, EPSS 0.00013
Exploits 1, References 6, Affected Software 1
Github Security Blog
added 2024/09/09 3:30 p.m., 26 views

AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.8, AI score 6.6, EPSS 0.00015
Exploits 1, References 6, Affected Software 1
OSV
added 2024/09/09 3:30 p.m., 0 views

GHSA-M9GF-397R-HWPG AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 6.3, AI score 7, EPSS 0.00015
Exploits 1, References 6
OSV
added 2024/09/09 3:30 p.m., 0 views

GHSA-MQM9-C95H-X2P6 AngularJS allows attackers to bypass common image source restrictions

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

CVSS 6.3, AI score 7, EPSS 0.00013
Exploits 1, References 6
OSV
added 2024/09/09 3:15 p.m., 2 views

DEBIAN-CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.3, AI score 6.8, EPSS 0.00015
Exploits 1, References 1
NVD
added 2024/09/09 3:15 p.m., 13 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.8, EPSS 0.00015
Exploits 1, References 4
NVD
added 2024/09/09 3:15 p.m., 17 views

CVE-2024-8373

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

CVSS 4.8, EPSS 0.00013
Exploits 1, References 4
OSV
added 2024/09/09 3:15 p.m., 1 view

DEBIAN-CVE-2024-8373

Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...

CVSS 4.3, AI score 6.8, EPSS 0.00013
Exploits 1, References 1