CVE-2021-4231

A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting XSS in development, with Server-side rendering SSR enabled...

formio-workers (>=1.0.0 <=1.5.0), ng2-formio (>=1.0.0-rc.24 <=1.0.0-rc.28) +1 more potentially affected by CVE-2020-28246 via formio (=1.91.13)

formio NPM version =1.91.13 is affected by a known vulnerability. The following packages have a transitive dependency on formio and may be impacted: - formio-workers =1.0.0, =1.0.0-rc.24, =1.0.0-rc.28 - v-formio-custom-component =0.1.1 Source cves: CVE-2020-28246 Source advisory:...

Cross-Site Scripting (XSS)

@angular/core is vulnerable to cross-site scripting. The vulnerability exists in few methods due to not escaping the comment text which allows an attacker to inject and execute arbitrary javascript...

@altenull/foret-ng (=1.0.0-0), @apipass/buttons (>=0.1.1 <=0.1.1-beta.10) +370 more potentially affected by CVE-2021-4231 via @angular/core (>=0.0.0-0 <=10.2.4)

@angular/core NPM version =0.0.0-0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.2 - @clemanto/ng2-smart-table =1.7.3 and more Source cves: CVE-2021-4231 Source advisory: OSV:GHSA-C75V-2VQ8-878F...

Angular vulnerable to Cross-site Scripting

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

GHSA-C75V-2VQ8-878F Angular vulnerable to Cross-site Scripting

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

Cross site scripting in Angular

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

CVE-2021-4231

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

Cross site scripting

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

CVE-2021-4231 Angular Comment cross site scripting

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

CVE-2021-4231 Angular Comment cross site scripting

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

CVE-2021-4231

The CVE-2021-4231 entry corresponds to an Angular XSS vulnerability in the Angular versions up to 11.0.4 and 11.1.0-next.2, specifically affecting the handling of comments, where input could be crafted to execute script in a victim’s browser when rendering. The upstream patch fixes this by upgrad...

Security Bulletin: A security vulnerability has been identified in Angular shipped with Tivoli Business Service Manager (CVE-2022-25844)

Summary Angular is shipped with IBM Tivoli Business Service Manager. Information about a security vulnerability affecting Angular has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

angular-lunarc-blog (>=0.0.1 <=0.0.3), angular-lunarc-core (>=0.0.2 <=0.0.5) +14 more potentially affected by CVE-2018-11537 via angular-jwt (>=0.0.7 <=0.0.9)

angular-jwt NPM version =0.0.7, =0.0.1, =0.0.2, =0.0.1, =4.0.0, =1.0.0, =2.0.0, =4.0.0, =3.0.19, =3.1.0, =7.0.0, =3.0.0, =0.2.4, =0.0.1, =0.5.0, =0.5.3 and more Source cves: CVE-2018-11537 Source advisory: OSV:GHSA-VM2P-F5J4-MJ6G...

Auth0 angular-jwt misinterprets allowlist as regex

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...

GHSA-VM2P-F5J4-MJ6G Auth0 angular-jwt misinterprets allowlist as regex

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...

GHSA-88FH-8979-Q2RR Angular Redactor XSS Vulnerability

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

Angular Redactor XSS Vulnerability

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

Regular Expression Denial Of Service (ReDoS)

angular is vulnerable to regular expression denial of service. An attacker can crash the application by providing a very high value of custom locale rule through the posPre attribute in the parsePattern function of parser.js...

10.30.npm-learning (>=1.0.0 <=1.1.0), 2017_node (=1.0.0) +2680 more potentially affected by CVE-2022-25844 via angular (>=1.7.0 <=1.8.3)

angular NPM version =1.7.0, =1.0.0, =4.13.7-rc4, =1.103.1, =1.103.1, =1.102.4, =1.102.3, =1.102.3, =1.4.156, =1.0.3, =1.0.0, =1.0.0, =0.5.0, =0.5.2 and more Source cves: CVE-2022-25844 Source advisory: OSV:GHSA-M2H2-264F-F486...