1344 matches found
Sensitive Information Leakage
IdentityServer3 is vulnerable to sensitive information leakage. IdentityServer responses can leak because of a flaw in the Angular expression on the authorize response page...
Cross-site Scripting (XSS)
angular-redactor is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of user input that is used in an eval call...
CVE-2018-13339
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...
Cross site scripting
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...
CVE-2018-13339
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...
CVE-2018-13339
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...
CVE-2018-13339
CVE-2018-13339 affects Imperavi Redactor 3 in Angular Redactor 1.1.6 when HTML content mode is used, enabling a stored XSS as demonstrated by an onerror attribute in an IMG element; related to CVE-2018-7035. Several adjacent advisories (OSV/GHSA variants) describe the same XSS class and the root ...
ShopNx - Arbitrary File Upload
ShopNx - Arbitrary File Upload. Exploit Title: ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload; Date: 2018-07-03; Exploit Author: L0RD; Email: [email protected]; Vendor Homepage: http://codenx.com/; Version: 1; CVE: CVE-2018-12519; Tested on: Win 10...
angular-http-server path traversal vulnerability
angular-http-server is an HTTP server for deploying single page applications. A path traversal vulnerability exists in angular-http-server, which stems from the program's lack of checks on possibleFilename. An attacker can exploit this vulnerability to read the contents of an arbitrary file wi...
Authorization Bypass
angular-jwt is vulnerable to authorization bypasses. The library's whitelist entries are treated as regular expressions, meaning that the . separator will match any character. This allows a malicious user to set up a domain name to bypass the whitelist filter, e.g. if the entry is example.entry.io,...
ShopNx 1 Arbitrary File Upload Vulnerability
ShopNx 1 is an Angular 5 single page application. ShopNx 1 suffers from an arbitrary file upload vulnerability that allows an attacker to upload a malicious HTML file or other file containing a JavaScript payload to steal user credentials...
CVE-2018-11537
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
Design/Logic Flaw
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
CVE-2018-11537
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
CVE-2018-11537
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
CVE-2018-11537
Auth0 angular-jwt (before v0.1.10) is affected: entries in whiteListedDomains are treated as regular expressions, allowing a crafted domain to bypass the domain allowlist/whitelist filter. This misinterpretation can enable unauthorized access by crafting domains that match the regex pattern (e.g....
ag-grid cross-site scripting vulnerability
ag-grid is a data grid component designed primarily for JavaScript frameworks. A cross-site scripting vulnerability exists in ag-grid. When AngularJS is used with ag-grid, a remote attacker can exploit this vulnerability to inject code with the help of Angular expressions...
CVE-2018-3713
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...
Path traversal
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...
CVE-2018-3713
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...