Progress多款产品 跨站脚本漏洞

Progress Telerik UI for ASP.NET Core and others are products of Progress, Inc.Progress Telerik UI for ASP.NET Core is a set of UI component libraries for building cross-platform responsive web applications.Progress Telerik UI for Progress Telerik UI for ASP.NET MVC is a library of UI components f...

Malicious code in emerson-angular-trove (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3710a484d9498defd18d6636486ebe053b8e10147655e6735b1d3769cb3a8676 Any computer that has this package installed or running should be considered...

MAL-2025-5338 Malicious code in emerson-angular-trove (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3710a484d9498defd18d6636486ebe053b8e10147655e6735b1d3769cb3a8676 Any computer that has this package installed or running should be considered...

Malicious code in angular-intro (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5eefd72906fec89738b3a3e6f7891c6990275c5a3c3140dde3cd08f3f3bfc2be Any computer that has this package installed or running should be considered...

MAL-2025-5244 Malicious code in angular-intro (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5eefd72906fec89738b3a3e6f7891c6990275c5a3c3140dde3cd08f3f3bfc2be Any computer that has this package installed or running should be considered...

org.webjars.bowergithub.advanced-rest-client:code-mirror (=2.0.1), org.webjars.bowergithub.angular-ui:ui-codemirror (>=0.1.6 <=0.3.0) potentially affected by CVE-2025-6493 via org.webjars.bowergithub.components:codemirror (>=4.13.0 <=5.65.12)

org.webjars.bowergithub.components:codemirror MAVEN version =4.13.0, =0.1.6, =0.3.0 Source cves: CVE-2025-6493 Source advisory: SNYK:JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-10494093...

MAL-2025-4967 Malicious code in traceviz-angular-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd91335d1e9106d7a9f2dfe3a76ecdb4e4cf5008dc0da1a864d0e1a084f3f1ec Any computer that has this package installed or running should be considered...

Malicious code in traceviz-angular-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd91335d1e9106d7a9f2dfe3a76ecdb4e4cf5008dc0da1a864d0e1a084f3f1ec Any computer that has this package installed or running should be considered...

org.webjars:angular-markdown-directive (=0.3.0) potentially affected by CVE-2025-2336 via org.webjars:angular-sanitize (=1.2.16)

org.webjars:angular-sanitize MAVEN version =1.2.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:angular-sanitize and may be impacted: - org.webjars:angular-markdown-directive =0.3.0 Source cves: CVE-2025-2336 Source advisory:...

Incomplete Filtering of Special Elements

Overview org.webjars:angular-sanitize is an AngularJS module for sanitizing HTML Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements through the ngSanitize module. An attacker can manipulate image sources and perform content spoofing by injecting malicious...

Incomplete Filtering of Special Elements

Overview org.webjars.npm:angular-sanitize is an AngularJS module for sanitizing HTML Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements through the ngSanitize module. An attacker can manipulate image sources and perform content spoofing by injecting...

net.aequologica.neo:geppaequo-tags (>=0.5.3 <=0.6.0), net.aequologica.neo:geppaequo-web (>=0.5.3 <=0.6.0) +4 more potentially affected by CVE-2025-2336 via org.webjars.npm:angular-sanitize (>=1.5.0-beta.0 <=1.8.3)

org.webjars.npm:angular-sanitize MAVEN version =1.5.0-beta.0, =0.5.3, =0.5.3, =0.6.0 - org.webjars.npm:angular-auto-complete =1.7.4 - org.webjars.npm:angular-material-calendar =0.2.14 - org.webjars.npm:angular-schema-form =0.8.13 - org.webjars.npm:github-com-showdownjs-ng-showdown =1.1.0 Source...

com.github.grantlittle:bdd-reporting-server (>=0.1.5 <=0.1.7), com.github.grantlittle:bdd-reporting-service (=0.1.9) +59 more potentially affected by CVE-2025-2336 via org.webjars.bower:angular-sanitize (>=1.2.29 <=1.8.2)

org.webjars.bower:angular-sanitize MAVEN version =1.2.29, =0.1.5, =0.5.0, =0.5.0, =0.5.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.1 and more Source cves: CVE-2025-2336 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-10337226...

40au-isteven-angular-multiselect (=4.0.0), @0negativ/hawtio-integration (>=4.13.7-rc4 <=4.13.7-rc5) +500 more potentially affected by CVE-2025-2336 via angular-sanitize (>=1.3.11 <=1.8.3)

angular-sanitize NPM version =1.3.11, =4.13.7-rc4, =0.0.1, =0.0.1, =0.1.0, =2.0.0, =0.3.2, =0.2.7, =1.0.0, =1.0.0, =0.2.1, =0.0.1, =1.0.0, =3.0.2, =4.16.5 and more Source cves: CVE-2025-2336 Source advisory: OSV:GHSA-4P4W-6HG8-63WX...

Malicious code in frontegg-angular-sanity-check (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85f18cbdaf7836cc4a267525da5ee029eb20efcf6f1ef0e2208a62448a14ef8f Any computer that has this package installed or running should be considered...

MAL-2025-4550 Malicious code in angular-tealium (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0c32462ecdeacbbbfee96fd4f6e31ce41d373f68b0ebb3ec17667e26a9ee66d Any computer that has this package installed or running should be considered...

Malicious code in angular-tealium (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0c32462ecdeacbbbfee96fd4f6e31ce41d373f68b0ebb3ec17667e26a9ee66d Any computer that has this package installed or running should be considered...

CVE-2024-22200

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...

CVE-2024-54152

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex undisclosed payload, one can get full access...

CVE-2024-33665

angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks...