1353 matches found

Prion
added 2020/01/17 6:15 p.m. | 14 views

Design/Logic Flaw

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...

CVSS 4.3 | AI score 6.4 | EPSS 0.01907
Exploits 0 | References 2 | Affected Software 1

CVE
added 2020/01/17 5:44 p.m. | 111 views

CVE-2019-17127

Summary: CVE-2019-17127 describes a Stored Client Side Template Injection (CSTI) in SolarWinds Orion Platform 2019.2 HF1. The vulnerability allows an attacker to inject an Angular expression and escape the Angular sandbox, causing stored XSS and potential privilege escalation. The affected compon...

CVSS 6.1 | AI score 6.3 | EPSS 0.01907
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/01/17 5:44 p.m. | 8 views

CVE-2019-17127

A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...

AI score 6.4 | EPSS 0.01907
Exploits 0 | References 2

CVE
added 2020/01/17 5:42 p.m. | 107 views

CVE-2019-17125

CVE-2019-17125 concerns a Reflected Client‑Side Template Injection (CSTI) in SolarWinds Orion Platform 2019.2 HF1. The CSTI arises via Angular expressions that attackers can inject to escape the Angular sandbox, enabling stored XSS across multiple input vectors within the Orion Web UI. The NVD en...

CVSS 6.1 | AI score 6.3 | EPSS 0.02383
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/01/17 5:42 p.m. | 13 views

CVE-2019-17125

A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...

AI score 6.4 | EPSS 0.02383
Exploits 0 | References 2

Node.js
added 2020/01/10 8:46 p.m. | 95 views

Cross-Site Scripting

Overview: Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation: Upgrade to version...

CVSS 4.3 | AI score 4.4 | EPSS 0.00097
Exploits 0 | Affected Software 1

NVD
added 2020/01/02 3:15 p.m. | 17 views

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 7.1 | AI score 6.6 | EPSS 0.00097
Exploits 0 | References 2

OSV
added 2020/01/02 3:15 p.m. | 2 views

DEBIAN-CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 6.1 | AI score 6.8 | EPSS 0.00097
Exploits 0 | References 1

OSV
added 2020/01/02 3:15 p.m. | 20 views

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 6.1 | AI score 6.5 | EPSS 0.00097
Exploits 0 | References 2

UbuntuCve
added 2020/01/02 3:15 p.m. | 32 views

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 7.1 | AI score 6.7 | EPSS 0.00097
Exploits 0 | References 3

Prion
added 2020/01/02 3:15 p.m. | 24 views

Design/Logic Flaw

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 4.3 | AI score 6.2 | EPSS 0.00097
Exploits 0 | References 2 | Affected Software 3

OSV
added 2020/01/02 3:15 p.m. | 0 views

UBUNTU-CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 7.1 | AI score 6.8 | EPSS 0.00097
Exploits 0 | References 4

Debian CVE
added 2020/01/02 2:20 p.m. | 27 views

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 7.1 | AI score 6.8 | EPSS 0.00097
Exploits 0

Cvelist
added 2020/01/02 2:20 p.m. | 23 views

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 7.1 | AI score 6.3 | EPSS 0.00097
Exploits 0 | References 2

CVE
added 2020/01/02 2:20 p.m. | 165 views

CVE-2019-14863

CVE-2019-14863 affects AngularJS: all versions before 1.5.0-beta.0 are vulnerable to cross-site scripting due to unvalidated data delivered with trusted dynamic content after escaping context. The CVE is referenced in multiple sources (e.g., Ubuntu USN-7958-1, IBM Security Bulletins). Impact is c...

CVSS 7.1 | AI score 6.1 | EPSS 0.00097
Exploits 0 | References 2 | Affected Software 1

Kitploit
added 2019/12/08 9:4 p.m. | 135 views

Ngrev - Tool For Reverse Engineering Of Angular Applications

Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your...

AI score 7.4
Exploits 0 | References 3

RedHat Linux
added 2019/12/03 3:13 p.m. | 59 views

Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.5.1 Security Update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.1 | AI score 6.7 | EPSS 0.00619
Exploits 1 | References 5

RedHat Linux
added 2019/12/03 3:13 p.m. | 2 views

angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes

A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitization of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation...

CVSS 7.1 | AI score 6.9 | EPSS 0.00097
Exploits 0 | References 5

RedHat Linux
added 2019/12/03 2:58 p.m. | 46 views

Important: Red Hat Security Advisory: Red Hat Decision Manager 7.5.1 Security Update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

CVSS 7.1 | AI score 6.7 | EPSS 0.00619
Exploits 1 | References 5

RedHat Linux
added 2019/12/03 2:58 p.m. | 1 views

angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes

A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitization of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation...

CVSS 7.1 | AI score 6.9 | EPSS 0.00097
Exploits 0 | References 5