1344 matches found
CVE-2020-5219
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
Remote code execution
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2020-5219 via angular-expressions (>=0.1.0 <=1.0.0)
angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2020-5219 Source advisory: OSV:GHSA-HXHM-96PP-2M43...
GHSA-HXHM-96PP-2M43 Remote Code Execution in Angular Expressions
Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
Remote Code Execution in Angular Expressions
Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
CVE-2020-5219
The CVE-2020-5219 entry concerns angular-expressions prior to version 1.0.1. The underlying issue is a remote code execution vulnerability triggered when user-supplied input is passed to expressions.compile(userControlledInput). In the browser, this can allow execution of arbitrary browser script...
CVE-2020-5219 Remote Code Execution in Angular Expressions
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
CVE-2019-17125
A Reflected Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...
CVE-2019-17125
A Reflected Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...
CVE-2019-17127
A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...
CVE-2019-17127
A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...
Design/Logic Flaw
A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...
CVE-2019-17127
Summary: CVE-2019-17127 describes a Stored Client Side Template Injection (CSTI) in SolarWinds Orion Platform 2019.2 HF1. The vulnerability allows an attacker to inject an Angular expression and escape the Angular sandbox, causing stored XSS and potential privilege escalation. The affected compon...
CVE-2019-17127
A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...
CVE-2019-17125
CVE-2019-17125 concerns a Reflected Client‑Side Template Injection (CSTI) in SolarWinds Orion Platform 2019.2 HF1. The CSTI arises via Angular expressions that attackers can inject to escape the Angular sandbox, enabling stored XSS across multiple input vectors within the Orion Web UI. The NVD en...
CVE-2019-17125
A Reflected Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...
Cross-Site Scripting
Overview Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation Upgrade to version...
CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
DEBIAN-CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...