CVE-2018-11537

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...

Design/Logic Flaw

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...

CVE-2018-11537

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...

CVE-2018-11537

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...

CVE-2018-11537

Auth0 angular-jwt (before v0.1.10) is affected: entries in whiteListedDomains are treated as regular expressions, allowing a crafted domain to bypass the domain allowlist/whitelist filter. This misinterpretation can enable unauthorized access by crafting domains that match the regex pattern (e.g....

ag-grid cross-site scripting vulnerability

ag-grid is a data grid component designed primarily for JavaScript frameworks . A cross-site scripting vulnerability exists in ag-grid. When AngularJ is used with ag-grid, a remote attacker can exploit this vulnerability to inject code with the help of Angular expressions...

CVE-2018-3713

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

Path traversal

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

CVE-2018-3713

CVE-2018-3713 concerns a path-traversal in the node module angular-http-server caused by lack of validation of possibleFilename, allowing a remote attacker to read arbitrary files on the server. Public reports and advisories (GHSA-4RVG-955W-H68Q; OSV; CNVD; PRION; NVD) consistently identify angul...

CVE-2018-3713

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

PT-2018-16137 · Node.Js · Angular-Http-Server

Name of the Vulnerable Software and Affected Versions: angular-http-server versions prior to 1.6.0 Description: The angular-http-server node module has a Path Traversal issue due to the lack of validation of the possibleFilename variable, allowing a malicious user to read the content of any file...

i18n-node-angular Multiple Vulnerabilities

i18n-node-angular is a tool that supports the use of i18n nodes in AngularJS applications. A denial of service and content injection vulnerability exists in REST endpoints in versions prior to i18n-node-angular 1.4.0. An attacker can exploit this vulnerability to cause a denial of service or...

CVE-2017-16009

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting XSS via Angular Expressions, if AngularJS is used in combination with ag-grid...

PT-2018-6038 · Ag Grid +1 · Ag-Grid +1

Name of the Vulnerable Software and Affected Versions: ag-grid affected versions not specified Description: The issue concerns Cross-site Scripting XSS via Angular Expressions when ag-grid is used in combination with AngularJS. Recommendations: Avoid using ag-grid in combination with AngularJS...

CVE-2016-10524

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

Design/Logic Flaw

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

CVE-2016-10524

CVE-2016-10524 affects i18n-node-angular. A REST endpoint intended for development was not disabled in production in versions before 1.4.0, allowing a malicious user to cause a Denial of Service or content injection. The issue is documented across NVD/NVD mirror entries and corroborated by multip...

CVE-2016-10524

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

Passit: Insecure opening of external links in app.passit.io/list allows for reverse tabnabbing

Description https://app.passit.io/list renders external links under attacker control that open in a new tab such that the opened tab has access to the opening tab where the user was just browsing on app.passit.io via window.opener. This is likely due to the lack of specifying a rel="noopener"...

Path Traversal

Overview Versions of angular-http-server before 1.4.4 are vulnerable to path traversal. Recommendation Update to version 1.4.4 or later. References - HackerOne Reporthttps://hackerone.com/reports/330349 - Commit 8bafc95 - GitHub Advisory...