
1353 matches found

OSV
added 2020/09/11 9:11 p.m., 6 views

GHSA-53JX-4WWH-GCQJ Malicious Package in angular-location-update

Version 0.0.3 of angular-location-update contained malicious code. When executed in the browser, the code would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and...

7.2 AI score
Exploits: 0, References: 1
Github Security Blog
added 2020/09/11 9:9 p.m., 35 views

Malicious Package in angluar-cli

Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee antivirus...

3.3 AI score
Exploits: 0, References: 2, Affected Software: 1
vulnersOsv
added 2020/09/03 5:6 p.m., 1 views

@ionic/angular (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4), dos-wc-library (>=0.7.7 <=0.7.21) potentially affected by unknown CVE via @ionic/core (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4)

@ionic/core NPM version =4.3.0, =4.3.0, =0.7.7, =0.7.21 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

5.8 AI score
Exploits: 0
Github Security Blog
added 2020/09/01 7:43 p.m., 28 views

Malicious Package in angular-material-sidenav-rnd

Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. When executed in the browser, the code would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.1.1 of this module is found...

2.9 AI score
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2020/09/01 7:43 p.m., 11 views

GHSA-QMXF-FXQ7-W59F Malicious Package in angular-material-sidenav-rnd

Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. When executed in the browser, the code would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.1.1 of this module is found...

9.8 CVSS, 7.1 AI score
Exploits: 0, References: 4
Github Security Blog
added 2020/09/01 7:42 p.m., 23 views

Malicious Package in angular-bmap

Version 0.0.9 of angular-bmap contained malicious code. When executed in the browser, the code would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.9 of this module is found installed you wil...

2.9 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2020/09/01 7:42 p.m., 11 views

GHSA-W8HG-MXVH-9H57 Malicious Package in angular-bmap

Version 0.0.9 of angular-bmap contained malicious code. When executed in the browser, the code would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.9 of this module is found installed you wil...

9.8 CVSS, 7.1 AI score
Exploits: 0, References: 3
Github Security Blog
added 2020/09/01 4:40 p.m., 91 views

XSS via Angular Expression in ag-grid

Affected versions of ag-grid are vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if used in combination with AngularJS. Recommendation: Avoid using ag-grid in combination with AngularJS until a fix is available...

6.1 CVSS, 4.2 AI score, 0.00491 EPSS
Exploits: 1, References: 4, Affected Software: 1
vulnersOsv
added 2020/09/01 3:29 p.m., 1 views

@corex/argon-theme (>=1.1.1 <=1.1.33), @creative-tim-official/argon-dashboard-free (=1.2.0) +14 more potentially affected by CVE-2016-1000227 via bootstrap-tagsinput (=0.7.1)

bootstrap-tagsinput NPM version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-tagsinput and may be impacted: - @corex/argon-theme =1.1.1, =0.27.0, =0.0.1, =0.1.0, =3.0.0, =1.2.0, =0.1.0, =0.2.0, =0.1.1, =1.2.6, =1.4.0, =0.1.89, =0.2....

5.8 AI score
Exploits: 0
Veracode
added 2020/08/12 4:19 a.m., 13 views

Cross-site Scripting (XSS)

@progress/kendo-angular-editor is vulnerable to cross-site scripting (XSS). The vulnerability exists as the value of the Editor content element passed through event handlers gets executed without sanitization...

2.5 AI score
Exploits: 0
OSV
added 2020/08/11 7:40 p.m., 13 views

GHSA-J7WP-VJJ6-CP5M Cross-Site Scripting in @progress/kendo-angular-editor

Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...

7 AI score
Exploits: 0, References: 3
Github Security Blog
added 2020/08/11 7:40 p.m., 48 views

Cross-Site Scripting in @progress/kendo-angular-editor

Kendo UI for Angular Editor Component npm package @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor valu...

4.7 AI score
Exploits: 0, References: 4, Affected Software: 1
Node.js
added 2020/08/11 7:39 p.m., 18 views

Cross-Site Scripting

Overview: @progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor value demonstrates the issue: . Recommendatio...

6.7 AI score
Exploits: 0, Affected Software: 1
vulnersOsv
added 2020/08/05 9:47 p.m., 1 views

@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +1011 more potentially affected by unknown CVE via angular (>=0.0.1 <=1.7.9)

angular NPM version =0.0.1, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5CP4-XMRW-59WF...

5.8 AI score
Exploits: 0
RedhatCVE
added 2020/06/19 8:29 p.m., 172 views

CVE-2020-7676

An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

3.5 CVSS, 5.7 AI score, 0.00563 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2020/06/18 2:19 p.m., 911 views

Angular vulnerable to Cross-site Scripting

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing behavior, leading to possibly unsanitizing code...

5.4 CVSS, 5.9 AI score, 0.00563 EPSS
Exploits: 0, References: 25, Affected Software: 1
vulnersOsv
added 2020/06/18 2:19 p.m., 0 views

@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +1011 more potentially affected by CVE-2020-7676 via angular (>=0.0.1 <=1.7.9)

angular NPM version =0.0.1, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2020-7676 Source advisory: OSV:GHSA-MHP6-PXH8-R675...

5.4 CVSS, 6.7 AI score, 0.00563 EPSS
Exploits: 0
OSV
added 2020/06/18 2:19 p.m., 39 views

GHSA-MHP6-PXH8-R675 Angular vulnerable to Cross-site Scripting

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing behavior, leading to possibly unsanitizing code...

5.4 CVSS, 6 AI score, 0.00563 EPSS
Exploits: 0, References: 25
Veracode
added 2020/06/09 2:33 a.m., 112 views

Cross-site Scripting (XSS)

angular is vulnerable to cross-site scripting (XSS). The vulnerability exists as the regex-based replacement, XHTMLTAGREGEXP, could convert sanitized code which has wrapped into , into unsanitized code...

5.4 CVSS, 1 AI score, 0.00563 EPSS
Exploits: 0, References: 24, Affected Software: 2
NOZOMI
added 2020/05/26 12:0 a.m., 3 views

Angular template injection on custom report name field

Summary: Report name field is affected by angular template injection which can lead to XSS attacks. Impact: Custom report name field can lead to XSS attacks by malicious users. The attacker must have a valid Guardian/CMC login with the ‘Report editor’ capability to leverage this. Mitigation: None...

4.8 CVSS, 6.5 AI score
Exploits: 0, Affected Software: 2