Cross-site Scripting (XSS)
@progress/kendo-angular-editor is vulnerable to cross-site scripting (XSS). The vulnerability exists because the value of the Editor content element passed through event handlers is executed without sanitization...
GHSA-J7WP-VJJ6-CP5M Cross-Site Scripting in @progress/kendo-angular-editor
Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...
Cross-Site Scripting in @progress/kendo-angular-editor
Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...
Cross-Site Scripting
Overview: @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor value demonstrates the issue: . Recommendatio...
@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +1011 more potentially affected by unknown CVE via angular (>=0.0.1 <=1.7.9)
angular NPM version =0.0.1, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5CP4-XMRW-59WF...
CVE-2020-7676
An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
Angular vulnerable to Cross-site Scripting
angular.js prior to 1.8.0 allows cross-site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing behavior, leading to possibly unsanitizing code...
@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +1011 more potentially affected by CVE-2020-7676 via angular (>=0.0.1 <=1.7.9)
angular NPM version =0.0.1, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2020-7676 Source advisory: OSV:GHSA-MHP6-PXH8-R675...
GHSA-MHP6-PXH8-R675 Angular vulnerable to Cross-site Scripting
angular.js prior to 1.8.0 allows cross-site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing behavior, leading to possibly unsanitizing code...
Cross-site Scripting (XSS)
angular is vulnerable to cross-site scripting (XSS). The vulnerability exists as the regex-based replacement, XHTMLTAGREGEXP, could convert sanitized code which has wrapped into , into unsanitized code...
Angular template injection on custom report name field
Summary: Report name field is affected by Angular template injection which can lead to XSS attacks. Impact: Custom report name field can lead to XSS attacks by malicious users. The attacker must have a valid Guardian/CMC login with the ‘Report editor’ capability to leverage this. Mitigation: None...
@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +1010 more potentially affected by CVE-2020-7676 via angular (>=1.0.8 <=1.7.9)
angular NPM version =1.0.8, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2020-7676 Source advisory: SNYK:JS-ANGULAR-570058...
Cross-site Scripting (XSS)
Overview: angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...
@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @handsontable6/angular (=7.0.0) +20 more potentially affected by CVE-2020-6836 via hot-formula-parser (=2.3.3)
hot-formula-parser NPM version =2.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on hot-formula-parser and may be impacted: - @daedalus/angular-handsontable =1.0.1, =0.1.10, =1.0.2, =1.0.1, =0.1.1, =1.0.0, =1.0.1, =0.1.0, =1.0.1, =0.1.2, =1.0.2 -...
Cross site scripting
The SAP Commerce SmartEdit Extension, versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the Angular framework...
@bloomreach/hippo-theme (=2.2.3), @covisint/cui-idm-b2x (>=0.2.1 <=1.3.0) +370 more potentially affected by CVE-2019-14863 via angular (>=0.0.1 <=1.4.9)
angular NPM version =0.0.1, =0.2.1, =0.2.0-dev, =1.2.6, =0.3.2, =1.0.4, =0.1.1, =1.0.4, =1.1.24, =1.0.3, =1.0.12, =1.0.7, =0.0.1, =3.2.10-0, =3.2.10-1 and more Source cves: CVE-2019-14863 Source advisory: OSV:GHSA-R5FX-8R73-V86C...
Mail.ru: [geekbrains.ru] Reflected XSS via Angular Template Injection
Potential XSS due to use of Angular templates...
Acunetix v13 - Web Application Security Scanner
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning,...
Remote Code Execution
angular-expressions is vulnerable to remote code execution. An attacker can execute arbitrary JavaScript expressions on the system when the function compile is called with user-controlled input...
CVE-2020-5219
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...