CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
Design/Logic Flaw
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
UBUNTU-CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
CVE-2019-14863
CVE-2019-14863 affects AngularJS: all versions before 1.5.0-beta.0 are vulnerable to cross-site scripting due to unvalidated data delivered with trusted dynamic content after escaping context. The CVE is referenced in multiple sources (e.g., Ubuntu USN-7958-1, IBM Security Bulletins). Impact is c...
CVE-2019-14863
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
Ngrev - Tool For Reverse Engineering Of Angular Applications
Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.5.1 Security Update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes
A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitation of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.5.1 Security Update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes
A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitation of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation...
Prototype Pollution
Overview Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendatio...
@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +965 more potentially affected by CVE-2019-10768 via angular (>=0.0.1 <=1.7.8)
angular NPM version =0.0.1, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2019-10768 Source advisory: OSV:GHSA-89MQ-4X47-5V83...
GHSA-89MQ-4X47-5V83 angular Prototype Pollution vulnerability
Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade...
angular Prototype Pollution vulnerability
Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade...
PT-2020-9608
Name of the Vulnerable Software and Affected Versions angular versions prior to 1.5.0-beta.0 angular versions prior to 1.5.0-beta.1 Description The issue allows attackers to execute arbitrary JavaScript in a victim's browser if the xlink:href attribute value is user-controlled, due to the package...
@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +833 more potentially affected by CVE-2019-10768 via angular (>=1.4.0 <=1.7.8)
angular NPM version =1.4.0, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2019-10768 Source advisory: SNYK:JS-ANGULAR-534884...
Prototype Pollution
Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution. The function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC by Snyk: angular.merge({}, JSON.parse('{"__proto__": {"xxx": "polluted"}}')); console.log(({}).xxx); Details Prototyp...
Cross-Site Scripting (XSS)
angular is vulnerable to cross-site scripting (XSS). There is no $sce protection against link[href], which would allow a remote attacker to inject arbitrary JavaScript into a victim's browser via RESOURCE_URL...