1344 matches found
nodejs-angular: XSS due to regex-based HTML replacement
An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized code. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.6 security update
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Security update for libmysofa (moderate)
openSUSE Security Update: Security update for libmysofa Announcement ID: openSUSE-SU-2021:0459-1 Rating: moderate References: 1149919 1149920 1149922 1149924 1149926 1159839 1160040 1181977 1181978 1181979 1181980 1181981 1182883 Cross-References: CVE-2019-16091 CVE-2019-16092 CVE-2019-16093...
OPENSUSE-SU-2021:0459-1 Security update for libmysofa
This update for libmysofa fixes the following issues: - Added security backports: gh#hoene/libmysofa#136 - CVE-2020-36152 - boo#1181977 gh#hoene/libmysofa#138 - CVE-2020-36148 - boo#1181981 gh#hoene/libmysofa#137 - CVE-2020-36149 - boo#1181980 gh#hoene/libmysofa#134 - CVE-2020-36151 - boo#1181978...
@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)
kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...
Cross-Site Scripting (XSS)
Overview: Affected versions of angular are vulnerable to JSONP Callback Attack. JSONP (JSON with padding) is a method used to request data from a server residing in a different domain than the client. Any URL could perform JSONP requests, allowing full access to the browser and the JavaScript contex...
Remote Code Execution
Overview: Affected versions of angular-expressions are affected by a remote code execution vulnerability. Impact: If you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input you are potentially impacted. The security of the package could be bypass...
Cross-Site Scripting (XSS)
@angular/core is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript in a user's browser through SSR into a comment node...
FetLife: Stored XSS via Angular Expression injection via Subject while starting conversation with other users.
The reporter pointed out that the Subject field for sending private messages using FetLife's onsite chat was vulnerable to a stored XSS exploit, allowing people to execute potentially malicious contents on the receiving end of the message...
Cross-site Scripting (XSS)
Overview: ngx-markdown-editor is an Angular markdown editor based on ace editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown editor. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious scri...
Remote Code Execution (RCE)
angular-expressions is vulnerable to remote code execution (RCE). The vulnerability exists through the use of the .constructor.constructor technique passed into the expressions.compile function...
CVE-2021-21277
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...
Remote code execution
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...
CVE-2021-21277
The CVE-2021-21277 issue affects angular-expressions prior to 1.1.2. Affected component: the expressions.compile(userControlledInput) path, where user input can bypass security via a complex payload (notably using the .constructor.constructor technique). In the browser, this could run arbitrary b...