
1353 matches found

vulnersOsv
added 2020/05/19 9:0 p.m. | 1 views

@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +1010 more potentially affected by CVE-2020-7676 via angular (>=1.0.8 <=1.7.9)

angular NPM version =1.0.8, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2020-7676 Source advisory: SNYK:JS-ANGULAR-570058...

5.4 CVSS | 6.7 AI score | 0.00563 EPSS
Exploits 0
Snyk
added 2020/05/19 9:0 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

5.4 CVSS | 5.5 AI score | 0.00563 EPSS
Exploits 0 | References 2
vulnersOsv
added 2020/05/06 7:32 p.m. | 3 views

@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @handsontable6/angular (=7.0.0) +20 more potentially affected by CVE-2020-6836 via hot-formula-parser (=2.3.3)

hot-formula-parser NPM version =2.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on hot-formula-parser and may be impacted: - @daedalus/angular-handsontable =1.0.1, =0.1.10, =1.0.2, =1.0.1, =0.1.1, =1.0.0, =1.0.1, =0.1.0, =1.0.1, =0.1.2, =1.0.2 -...

9.8 CVSS | 7.2 AI score | 0.00547 EPSS
Exploits 0
Prion
added 2020/03/10 9:15 p.m. | 22 views

Cross site scripting

The SAP Commerce SmartEdit Extension, versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the angular framework...

3.5 CVSS | 5.4 AI score | 0.00402 EPSS
Exploits 0 | References 2 | Affected Software 1
vulnersOsv
added 2020/02/14 11:8 p.m. | 0 views

@bloomreach/hippo-theme (=2.2.3), @covisint/cui-idm-b2x (>=0.2.1 <=1.3.0) +370 more potentially affected by CVE-2019-14863 via angular (>=0.0.1 <=1.4.9)

angular NPM version =0.0.1, =0.2.1, =0.2.0-dev, =1.2.6, =0.3.2, =1.0.4, =0.1.1, =1.0.4, =1.1.24, =1.0.3, =1.0.12, =1.0.7, =0.0.1, =3.2.10-0, =3.2.10-1 and more Source cves: CVE-2019-14863 Source advisory: OSV:GHSA-R5FX-8R73-V86C...

7.1 CVSS | 6.8 AI score | 0.00097 EPSS
Exploits 0
Hacker One
added 2020/02/11 12:30 a.m. | 17 views

Mail.ru: [geekbrains.ru] Reflected XSS via Angular Template Injection

Potential XSS due to use of Angular templates...

3.3 AI score
Exploits 0
Kitploit
added 2020/02/08 12:0 p.m. | 223 views

Acunetix v13 - Web Application Security Scanner

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning,...

7.4 AI score
Exploits 0
Veracode
added 2020/01/28 6:52 a.m. | 13 views

Remote Code Execution

angular-expressions is vulnerable to remote code execution. An attacker can execute arbitrary JavaScript expressions on the system when the function compile is called with user-controlled input...

8.8 CVSS | 3.9 AI score | 0.00633 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2020/01/24 4:15 p.m. | 8 views

CVE-2020-5219

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

8.8 CVSS | 9 AI score | 0.00633 EPSS
Exploits 0 | References 3
OSV
added 2020/01/24 4:15 p.m. | 12 views

CVE-2020-5219

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

8.8 CVSS | 8 AI score
Exploits 0 | References 3
Prion
added 2020/01/24 4:15 p.m. | 17 views

Remote code execution

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

6.8 CVSS | 9 AI score | 0.00633 EPSS
Exploits 0 | References 3 | Affected Software 1
vulnersOsv
added 2020/01/24 3:27 p.m. | 0 views

@openagenda/agenda-docx (>=1.0.2 <=1.2.2), @patrickkeller/fishy-templater (=1.0.0) +30 more potentially affected by CVE-2020-5219 via angular-expressions (>=0.1.0 <=1.0.0)

angular-expressions NPM version =0.1.0, =1.0.2, =1.8.0, =1.0.0, =1.0.0, =0.5.2, =0.7.6, =1.4.0, =0.1.0, =0.2.1 and more Source cves: CVE-2020-5219 Source advisory: OSV:GHSA-HXHM-96PP-2M43...

8.8 CVSS | 7.3 AI score | 0.00633 EPSS
Exploits 0
OSV
added 2020/01/24 3:27 p.m. | 2 views

GHSA-HXHM-96PP-2M43 Remote Code Execution in Angular Expressions

Impact: The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

8.7 CVSS | 6 AI score | 0.00633 EPSS
Exploits 0 | References 4
Github Security Blog
added 2020/01/24 3:27 p.m. | 77 views

Remote Code Execution in Angular Expressions

Impact: The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

8.8 CVSS | 3.1 AI score | 0.00633 EPSS
Exploits 0 | References 5 | Affected Software 1
CVE
added 2020/01/24 3:25 p.m. | 56 views

CVE-2020-5219

The CVE-2020-5219 entry concerns angular-expressions prior to version 1.0.1. The underlying issue is a remote code execution vulnerability triggered when user-supplied input is passed to expressions.compile(userControlledInput). In the browser, this can allow execution of arbitrary browser script...

8.8 CVSS | 9 AI score | 0.00633 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2020/01/24 3:25 p.m. | 13 views

CVE-2020-5219 Remote Code Execution in Angular Expressions

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

8.7 CVSS | 9.1 AI score | 0.00633 EPSS
Exploits 0 | References 3
OSV
added 2020/01/17 6:15 p.m. | 2 views

CVE-2019-17125

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 2
NVD
added 2020/01/17 6:15 p.m. | 9 views

CVE-2019-17125

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...

6.1 CVSS | 6.3 AI score | 0.02383 EPSS
Exploits 0 | References 2
NVD
added 2020/01/17 6:15 p.m. | 8 views

CVE-2019-17127

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...

6.1 CVSS | 6.3 AI score | 0.01907 EPSS
Exploits 0 | References 2
OSV
added 2020/01/17 6:15 p.m. | 1 views

CVE-2019-17127

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...

6.1 CVSS | 6.4 AI score
Exploits 0 | References 2