Lucene search

1353 matches found

Node.js
added 2019/11/20 6:19 p.m., 208 views

Prototype Pollution

Overview Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendatio...

6.8 AI score
Exploits: 0, Affected Software: 1

vulnersOsv
added 2019/11/20 3:29 p.m., 0 views

@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +965 more potentially affected by CVE-2019-10768 via angular (>=0.0.1 <=1.7.8)

angular NPM version =0.0.1, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2019-10768 Source advisory: OSV:GHSA-89MQ-4X47-5V83...

7.5 CVSS, 6.8 AI score, 0.00411 EPSS
Exploits: 1

OSV
added 2019/11/20 3:29 p.m., 0 views

GHSA-89MQ-4X47-5V83 angular Prototype Pollution vulnerability

Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade...

7.5 CVSS, 6.9 AI score, 0.00411 EPSS
Exploits: 1, References: 7

Github Security Blog
added 2019/11/20 3:29 p.m., 2631 views

angular Prototype Pollution vulnerability

Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade...

7.5 CVSS, 7 AI score, 0.00411 EPSS
Exploits: 1, References: 7, Affected Software: 1

Positive Technologies
added 2019/11/18 12:0 a.m., 4 views

PT-2020-9608

Name of the Vulnerable Software and Affected Versions angular versions prior to 1.5.0-beta.0 angular versions prior to 1.5.0-beta.1 Description The issue allows attackers to execute arbitrary JavaScript in a victim's browser if the xlink:href attribute value is user-controlled, due to the package...

7.5 CVSS, 9.2 AI score, 0.02307 EPSS
Exploits: 8, References: 28

Snyk
added 2019/11/06 2:52 p.m., 3 views

Prototype Pollution

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

7.5 CVSS, 7.8 AI score, 0.00411 EPSS
Exploits: 1, References: 3

vulnersOsv
added 2019/11/06 2:52 p.m., 2 views

@amitport/useful (>=0.5.0 <=0.5.2), @arivazhagan/demo-project (=1.0.1) +833 more potentially affected by CVE-2019-10768 via angular (>=1.4.0 <=1.7.8)

angular NPM version =1.4.0, =0.5.0, =0.0.8, =2.3.0, =1.5.8, =2.8.3-2, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.2.24, =0.0.1, =0.0.1, =0.0.5, =0.1.7 and more Source cves: CVE-2019-10768 Source advisory: SNYK:JS-ANGULAR-534884...

7.5 CVSS, 6.8 AI score, 0.00411 EPSS
Exploits: 1

Snyk
added 2019/11/06 2:52 p.m., 1 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. The function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC by Snyk angular.merge({}, JSON.parse('{"__proto__": {"xxx": "polluted"}}')); console.log(({}).xxx); Details Prototyp...

7.5 CVSS, 7.8 AI score, 0.00411 EPSS
Exploits: 1, References: 3

Veracode
added 2019/10/29 3:35 a.m., 8 views

Cross-Site Scripting (XSS)

angular is vulnerable to cross-site scripting (XSS). There is no $sce protection against link[href], which would allow a remote attacker to inject arbitrary JavaScript into a victim's browser via RESOURCE_URL...

3.1 AI score
Exploits: 0

RedhatCVE
added 2019/10/21 1:21 p.m., 37 views

CVE-2019-14863

A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitation of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation...

7.1 CVSS, 2.7 AI score, 0.00097 EPSS
Exploits: 0, References: 4

Kitploit
added 2019/07/15 9:39 p.m., 217 views

Project iKy v2.0.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Project First of all we want to advise you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with...

7.1 AI score
Exploits: 0, References: 2

Packet Storm
added 2019/07/01 12:0 a.m., 325 views

EA Origin Template Injection Remote Code Execution

Exploit Title: EA Origin 10.5.36 Template Injection Remote Code Execution Date: 04/19/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.36 and below Tested on: Windows 10 CVE :...

6.8 CVSS, 0.2 AI score, 0.40735 EPSS
Exploits: 7

vulnersOsv
added 2019/06/27 5:25 p.m., 2 views

@amitport/useful (>=0.5.0 <=0.5.2), @bb-cli/bb-test-plugin-ngmock (=1.5.8) +687 more potentially affected by unknown CVE via angular (>=0.0.1 <=1.5.9)

angular NPM version =0.0.1, =0.5.0, =0.2.7, =1.0.21, =0.2.1, =1.10.5, =0.2.0, =0.2.0-dev, =1.2.6, =0.3.2, =1.0.0, =1.0.0, =3.0.2, =4.5.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-28HP-FGCR-2R4H...

5.8 AI score
Exploits: 0

Kitploit
added 2019/06/27 1:18 p.m., 552 views

Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Project First of all we want to advise you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with...

7.1 AI score
Exploits: 0, References: 2

Hacker One
added 2019/06/25 1:40 p.m., 83 views

New Relic: CSTI fix (#587829) bypass leading to stored XSS at plugins again

@skavans discovered a workaround for previous XSS mitigations. This led to a more robust approach to filtering dangerous content in Angular templates...

1.6 AI score
Exploits: 0

Node.js
added 2019/06/07 6:59 p.m., 12 views

Malicious Package

Overview Version 0.0.3 of angular-location-update contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...

7 AI score
Exploits: 0, Affected Software: 1

Veracode
added 2019/06/06 6:22 a.m., 9 views

Malicious Package

angluar-cli is a malicious package. It contains malicious code in its post-install scripts which attempt to remove files and stop processes related to McAfee antivirus on macOS...

6.6 AI score
Exploits: 0

OSV
added 2019/05/31 11:46 p.m., 20 views

GHSA-VMHW-FHJ6-M3G5 Path Traversal in angular-http-server

Versions of angular-http-server before 1.4.4 are vulnerable to path traversal. Recommendation Update to version 1.4.4 or later...

7.5 CVSS, 7.1 AI score
Exploits: 0, References: 4

Github Security Blog
added 2019/05/31 11:46 p.m., 14 views

Path Traversal in angular-http-server

Versions of angular-http-server before 1.4.4 are vulnerable to path traversal. Recommendation Update to version 1.4.4 or later...

3.8 AI score
Exploits: 0, References: 4, Affected Software: 1

Hacker One
added 2019/05/22 12:45 p.m., 30 views

New Relic: CSTI at Plugin page leading to active stored XSS (Publisher name)

Hey team, I have discovered the CSTI vulnerability at NR single Plugin page leading to stored XSS. To plant the payload you need to publish new plugin using account having the payload inside its name. Below I show you the easiest way to reproduce this using a python script which creates the new...

0.1 AI score
Exploits: 0