@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2021-21277 via angular-expressions (>=0.1.0 <=1.0.0)

angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2021-21277 Source advisory: OSV:GHSA-J6PX-JWVV-VPWQ...

Angular Expressions - Remote Code Execution

Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. This time, the security of the package could be bypassed by using a more complex payload, using a...

Peerigon angular-expressions code injection vulnerability

Peerigon angular-expressions is a Javascript-based codebase that can be used to extract browser nodes from Peerigon, Germany. A code injection vulnerability exists in angular-expressions 1.1.2, which allows remote code execution and can be exploited by an attacker to run any browser script...

PT-2021-14383 · Unknown · Angular-Expressions

Name of the Vulnerable Software and Affected Versions: angular-expressions versions prior to 1.1.2 Description: The issue allows Remote Code Execution if expressions.compileuserControlledInput is called where userControlledInput is text that comes from user input. The security of the package coul...

Remote Code Execution

angular-expressions is vulnerable to remote code execution. An attacker to execute arbitrary Javascript expressions on the system when the function compile is called with user-controlled input...

CVE-2020-5219

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

CVE-2020-5219

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

Remote code execution

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2020-5219 via angular-expressions (>=0.1.0 <=1.0.0)

angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2020-5219 Source advisory: OSV:GHSA-HXHM-96PP-2M43...

GHSA-HXHM-96PP-2M43 Remote Code Execution in Angular Expressions

Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

CVE-2020-5219 Remote Code Execution in Angular Expressions

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

ag-grid cross-site scripting vulnerability

ag-grid is a data grid component designed primarily for JavaScript frameworks . A cross-site scripting vulnerability exists in ag-grid. When AngularJ is used with ag-grid, a remote attacker can exploit this vulnerability to inject code with the help of Angular expressions...

CVE-2017-16009

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting XSS via Angular Expressions, if AngularJS is used in combination with ag-grid...

PT-2018-6038 · Ag Grid +1 · Ag-Grid +1

Name of the Vulnerable Software and Affected Versions: ag-grid affected versions not specified Description: The issue concerns Cross-site Scripting XSS via Angular Expressions when ag-grid is used in combination with AngularJS. Recommendations: Avoid using ag-grid in combination with AngularJS...

XSS via Angular Expression

Overview Affected versions of ag-grid are vulnerable to Cross-site Scripting XSS via Angular Expressions, if used in combination with AngularJS. Recommendation Avoid using ag-grid in combination with AngularJS until a fix is available. References - Issue 1287 -...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. $parse allowed arbitrary code execution via Angular expressions under some very specific conditions. The only applications affected by these vulnerabilities are those that match all of the following conditions:...