Lucene search

1353 matches found

Kitploit
added 2019/05/17 12:55 p.m., 290 views

Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project. Project: First of all we want to advise you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with...

7.1 AI score
Exploits: 0, References: 2
Veracode
added 2019/03/26 2:14 a.m., 8 views

Denial Of Service (DoS)

@angular/platform-browser is vulnerable to denial of service (DoS) attacks. The vulnerability exists as clobbered elements can freeze the browser, causing DoS attacks...

6.4 AI score
Exploits: 0
ThreatPost
added 2019/02/27 5:24 p.m., 62 views

Card-Skimming Scripts Hide Behind Google Analytics, Angular

A host of credit card-stealing scripts have popped up on the web, injected into websites and purporting to be legitimate Google Analytics or Angular utilities in order to avoid webmaster notice. According to research from Sucuri, the malicious code is obfuscated and injected into legitimate JS...

7.1 AI score
Exploits: 0, References: 5
Hacker One
added 2019/02/24 4:00 p.m., 258 views

ecobee: CSTI on https://www.ecobee.com leads to XSS

Summary: Hi EcoBee team, the https://www.ecobee.com domain is vulnerable against angular injection via CSTI, that leads to XSS. Steps To Reproduce: 1. Go on https://www.ecobee.com/?s=x%20=%20%27y%27:%27%27.constructor.prototype;%20x%27y%27.charAt=.join;$eval%27x=alert/Mik/%27; 1. XSS executed...

0.9 AI score
Exploits: 0
OSV
added 2019/02/18 11:39 p.m., 17 views

GHSA-97GV-3P2C-XW7J Denial of Service and Content Injection in i18n-node-angular

Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. Recommendation Update to versio...

8.2 CVSS, 8.2 AI score, 0.00249 EPSS
Exploits: 0, References: 5
Github Security Blog
added 2019/02/18 11:39 p.m., 27 views

Denial of Service and Content Injection in i18n-node-angular

Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. Recommendation Update to versio...

8.2 CVSS, 3.8 AI score, 0.00249 EPSS
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2018/10/24 3:33 a.m., 11 views

Cross-Site Scripting (XSS)

angular-gettext is vulnerable to cross-site scripting. interpolationContext is passed to getString or getPlural functions in dist/angular-gettext.js and src/directive.js, which allows attackers to inject arbitrary JavaScript code into a victim's browser when the attribute...

6.5 AI score
Exploits: 0
vulnersOsv
added 2018/08/31 6:21 p.m., 1 view

angular-rome (>=0.2.4 <=0.2.9), api-gate (>=0.0.8 <=0.0.14) +74 more potentially affected by CVE-2018-16487 +1 more via lodash._basemerge (>=2.0.0 <=2.4.1)

lodash.basemerge NPM version =2.0.0, =0.2.4, =0.0.8, =0.1.2, =0.5.0, =0.0.3, =0.0.2, =0.0.0, =0.1.3, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.18, =1.1.16 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory: SNYK:JS-LODASHBASEMERGE-450200...

6.8 CVSS, 6.4 AI score, 0.00468 EPSS
Exploits: 3
Veracode
added 2018/08/28 6:58 a.m., 11 views

Directory Traversal

angular-http-server is vulnerable to directory traversal attacks. A malicious user can send a curl request such as curl --path-as-is 'http://127.0.0.1:6060//etc/passwd' to gain access to sensitive files on the server. This vulnerability is related to CVE-2018-3713...

6.5 CVSS, 6.5 AI score, 0.00361 EPSS
Exploits: 1
Veracode
added 2018/08/07 9:27 a.m., 33 views

Sensitive Information Leakage

IdentityServer3 is vulnerable to sensitive information leakage. The leakage of identityserver responses is possible because there is a flaw in Angular expression on the authorize response page...

6.1 CVSS, 6 AI score, 0.00233 EPSS
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2018/07/06 7:22 a.m., 18 views

Cross-site Scripting (XSS)

angular-redactor is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of user input that is used in an eval call...

6.1 CVSS, 5.7 AI score, 0.00328 EPSS
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2018/07/05 10:29 p.m., 21 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

6.1 CVSS, 6.3 AI score
Exploits: 0, References: 2
NVD
added 2018/07/05 10:29 p.m., 14 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

6.1 CVSS, 5.5 AI score, 0.00328 EPSS
Exploits: 1, References: 2
Prion
added 2018/07/05 10:29 p.m., 19 views

Cross site scripting

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

4.3 CVSS, 5.4 AI score, 0.00328 EPSS
Exploits: 2, References: 2, Affected Software: 1
Cvelist
added 2018/07/05 10:00 p.m., 11 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

5.5 AI score, 0.00328 EPSS
Exploits: 1, References: 2
CVE
added 2018/07/05 10:00 p.m., 54 views

CVE-2018-13339

CVE-2018-13339 affects Imperavi Redactor 3 in Angular Redactor 1.1.6 when HTML content mode is used, enabling a stored XSS as demonstrated by an onerror attribute in an IMG element; related to CVE-2018-7035. Several adjacent advisories (OSV/GHSA variants) describe the same XSS class and the root ...

6.1 CVSS, 5.3 AI score, 0.00328 EPSS
Exploits: 1, References: 2, Affected Software: 1
exploitpack
added 2018/07/04 12:00 a.m., 20 views

ShopNx - Arbitrary File Upload

ShopNx - Arbitrary File Upload Exploit Title: ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload Date: 2018-07-03 Exploit Author: L0RD Email: [email protected] Vendor Homepage: http://codenx.com/ Version: 1 CVE: CVE-2018-12519 Tested on: Win 10...

4 CVSS, 0.1 AI score, 0.09441 EPSS
Exploits: 5
CNVD
added 2018/06/22 12:00 a.m., 1 view

angular-http-server path traversal vulnerability

angular-http-server is an HTTP server for deploying single page applications. A path traversal vulnerability exists in angular-http-server, which stems from the program's lack of checksums on possibleFilename. An attacker can exploit this vulnerability to read the contents of an arbitrary file wi...

6.5 CVSS, 6.4 AI score, 0.00361 EPSS
Exploits: 1, References: 1
Veracode
added 2018/06/20 3:41 a.m., 20 views

Authorization Bypass

angular-jwt is vulnerable to authorization bypasses. The library's whitelist entries are treated as regular expressions meaning that the . separator will match any character. This allows a malicious user to set up a domain name to bypass the whitelist filter e.g. if the entry is example.entry.io,...

6.5 CVSS, 6.4 AI score, 0.00463 EPSS
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2018/06/20 12:00 a.m., 3 views

ShopNx 1 Arbitrary File Upload Vulnerability

ShopNx 1 is an Angular 5 single page application. ShopNx 1 suffers from an arbitrary file upload vulnerability that allows an attacker to upload a malicious HTML file or other file containing a JavaScript payload to steal user credentials...

7.2 AI score
Exploits: 0, References: 1