ag-grid cross-site scripting vulnerability

ag-grid is a data grid component designed primarily for JavaScript frameworks . A cross-site scripting vulnerability exists in ag-grid. When AngularJ is used with ag-grid, a remote attacker can exploit this vulnerability to inject code with the help of Angular expressions...

CVE-2018-3713

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

Path traversal

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

CVE-2018-3713

CVE-2018-3713 concerns a path-traversal in the node module angular-http-server caused by lack of validation of possibleFilename, allowing a remote attacker to read arbitrary files on the server. Public reports and advisories (GHSA-4RVG-955W-H68Q; OSV; CNVD; PRION; NVD) consistently identify angul...

CVE-2018-3713

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

i18n-node-angular Multiple Vulnerabilities

i18n-node-angular is a tool that supports the use of i18n nodes in AngularJS applications. A denial of service and content injection vulnerability exists in REST endpoints in versions prior to i18n-node-angular 1.4.0. An attacker can exploit this vulnerability to cause a denial of service or...

PT-2018-16137 · Node.Js · Angular-Http-Server

Name of the Vulnerable Software and Affected Versions: angular-http-server versions prior to 1.6.0 Description: The angular-http-server node module has a Path Traversal issue due to the lack of validation of the possibleFilename variable, allowing a malicious user to read the content of any file...

CVE-2017-16009

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting XSS via Angular Expressions, if AngularJS is used in combination with ag-grid...

PT-2018-6038 · Ag Grid +1 · Ag-Grid +1

Name of the Vulnerable Software and Affected Versions: ag-grid affected versions not specified Description: The issue concerns Cross-site Scripting XSS via Angular Expressions when ag-grid is used in combination with AngularJS. Recommendations: Avoid using ag-grid in combination with AngularJS...

Design/Logic Flaw

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

CVE-2016-10524

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

CVE-2016-10524

CVE-2016-10524 affects i18n-node-angular. A REST endpoint intended for development was not disabled in production in versions before 1.4.0, allowing a malicious user to cause a Denial of Service or content injection. The issue is documented across NVD/NVD mirror entries and corroborated by multip...

CVE-2016-10524

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

Passit: Insecure opening of external links in app.passit.io/list allows for reverse tabnabbing

Description https://app.passit.io/list renders external links under attacker control that open in a new tab such that the opened tab has access to the opening tab where the user was just browsing on app.passit.io via window.opener. This is likely due to the lack of specifying a rel="noopener"...

Path Traversal

Overview Versions of angular-http-server before 1.4.4 are vulnerable to path traversal. Recommendation Update to version 1.4.4 or later. References - HackerOne Reporthttps://hackerone.com/reports/330349 - Commit 8bafc95 - GitHub Advisory...

Malicious Package

Overview Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.1.1 of this module i...

Malicious Package

Overview Version 0.0.9 of angular-bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.9 of this module is found installe...

Yamot - Yet Another MOnitoring Tool

yamot is a web-based server-monitoring tool built for small environments with just a handful servers. It takes a minimum of resources which allows the execution on almost every machine, also very old ones. It works best with Linux or BSD. Windows is not part of the server scope. You could use it...

Path Traversal

Overview Versions of angular-http-server before 1.4.3 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses angular-http-server. Recommendation Update to version 1.6.0 or later. Note: This was originally thought to be fixed in version 1.4.3, though...

Path Traversal

angular-http-server is vulnerable to path traversal attacks. Using a string including ../, attackers can traverse the server and any file with a known path...