
1353 matches found

Node.js
added 2018/05/15 11:4 p.m., 14 views

Malicious Package

Overview: Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. When executed in the browser, the code would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.1.1 of this module i...

6.9 AI score
Exploits 0, Affected Software 1

Node.js
added 2018/05/15 11:0 p.m., 12 views

Malicious Package

Overview: Version 0.0.9 of angular-bmap contained malicious code. When executed in the browser, the code would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.9 of this module is found installe...

6.9 AI score
Exploits 0, Affected Software 1

Kitploit
added 2018/05/02 12:38 p.m., 40 views

Yamot - Yet Another MOnitoring Tool

yamot is a web-based server-monitoring tool built for small environments with just a handful of servers. It needs minimal resources, so it runs on almost every machine, including very old ones. It works best with Linux or BSD. Windows is not part of the server scope. You could use it...

7.2 AI score
Exploits 0, References 1

Node.js
added 2018/04/24 3:44 p.m., 35 views

Path Traversal

Overview: Versions of angular-http-server before 1.4.3 are vulnerable to path traversal, allowing a remote attacker to read files from the server that uses angular-http-server. Recommendation: Update to version 1.6.0 or later. Note: This was originally thought to be fixed in version 1.4.3, though...

4 CVSS, 4 AI score, 0.00361 EPSS
Exploits 1, Affected Software 1

Veracode
added 2018/03/05 1:3 a.m., 17 views

Path Traversal

angular-http-server is vulnerable to path traversal attacks. Using a string including ../, attackers can traverse the server and any file with a known path...

6.5 CVSS, 6.3 AI score, 0.00361 EPSS
Exploits 1, References 2, Affected Software 1

vulnersOsv
added 2018/01/30 10:28 p.m., 5 views

angular-rome (>=0.2.4 <=0.2.9), api-gate (>=0.0.8 <=0.0.14) +74 more potentially affected by CVE-2018-3721 via lodash._basemerge (>=2.0.0 <=2.4.1)

lodash.basemerge NPM version =2.0.0, =0.2.4, =0.0.8, =0.1.2, =0.5.0, =0.0.3, =0.0.2, =0.0.0, =0.1.3, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.18, =1.1.16 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHBASEMERGE-450201...

6.5 CVSS, 6.4 AI score, 0.00249 EPSS
Exploits 2

Hacker One
added 2018/01/25 7:45 p.m., 62 views

Node.js third-party modules: [angular-http-server] Path Traversal in angular-http-server.js allows to read arbitrary file from the remote server

Hi Guys, angular-http-server https://www.npmjs.com/package/angular-http-server contains a Path Traversal vulnerability, which allows a malicious user to read the content of any file with a known path. Module: A very simple application server designed for Single Page App (SPA) developers...

4 CVSS, 0.4 AI score, 0.00361 EPSS
Exploits 1

Veracode
added 2018/01/08 8:11 a.m., 9 views

Cross-site Scripting (XSS)

angular is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization on xml:base attributes, which allows the Firefox browser to render malicious scripts...

5.8 AI score
Exploits 0

Veracode
added 2017/11/03 12:14 p.m., 5 views

Mutation Cross-site Scripting (XSS)

angular is vulnerable to mutation cross-site scripting (XSS) attacks. A malicious user can inject arbitrary JavaScript through the innerHTML property that is then executed when the browser mutates it...

5.8 AI score
Exploits 0

seebug.org
added 2017/10/09 12:0 a.m., 35 views

Angular-CLI Authentication Bypass

Vulnerability summary: The following advisory describes an authentication bypass vulnerability found in Angular-CLI version 1.3.2. The Angular CLI makes “it easy to create an application that already works, right out of the box. It already follows our best practices!” Credit: An independent security...

6.5 AI score
Exploits 0

CNVD
added 2017/08/11 12:0 a.m., 2 views

IdentityServer3 authorize response page cross-site scripting vulnerability

IdentityServer3 is a .NET-based access control plug-in for Web applications. A cross-site scripting vulnerability in the Angular expression of the IdentityServer3 authorize response page allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be use...

6.1 CVSS, 6.2 AI score, 0.00233 EPSS
Exploits 0, References 1

NVD
added 2017/08/08 1:34 a.m., 12 views

CVE-2017-12677

IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response...

6.1 CVSS, 6 AI score, 0.00233 EPSS
Exploits 0, References 1

OSV
added 2017/08/08 1:34 a.m., 20 views

CVE-2017-12677

IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response...

6.1 CVSS, 5.8 AI score
Exploits 0, References 1

CVE
added 2017/08/08 1:0 a.m., 70 views

CVE-2017-12677

IdentityServer3 versions 2.4.x, 2.5.x, and 2.6.x prior to 2.6.1 are affected by a cross-site scripting (XSS) vulnerability on the authorize response page due to an Angular expression. This could allow remote attackers to obtain sensitive information about the IdentityServer authorization response...

6.1 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits 0, References 1, Affected Software 1

Hacker One
added 2017/06/15 4:11 p.m., 13 views

WordPress: [mercantile.wordpress.org] Reflected XSS

@zeeshan found a bypass for 230234. Payload used : constructor.constructor'alertdocument.domain' URL to trigger XSS : https://mercantile.wordpress.org/?s=%26%23123%3B%26%23123%3Bconstructor.constructor%28%27alert%28document.domain%29%27%29%28%29%7D%7D&posttype=product ----- Soon after another XSS...

6.2 AI score
Exploits 0

Hacker One
added 2017/05/20 1:40 p.m., 27 views

WordPress: Stored self-XSS in mercantile.wordpress.org checkout

Hello Team, Summary: after I read this 221893 report, I tried to find more security issues there, and I was surprised I found an RCE Via Template Injection. Since on that report I see the ng-bindable word, it's possible the site is also affected by RCE. Steps To Reproduce: 1. open https://mercantile.wordpress.org...

7.5 AI score
Exploits 0

Node.js
added 2017/03/15 6:46 p.m., 58 views

XSS via Angular Expression

Overview: Affected versions of ag-grid are vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if used in combination with AngularJS. Recommendation: Avoid using ag-grid in combination with AngularJS until a fix is available. References - Issue 1287 -...

4.3 CVSS, 2.8 AI score, 0.00491 EPSS
Exploits 1, Affected Software 1

Veracode
added 2017/02/23 8:6 a.m., 14 views

Cross-site Scripting (XSS)

angular is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because it does not sanitize URI values in the imgsrcset...

5.7 AI score
Exploits 0

Veracode
added 2017/01/23 6:21 a.m., 13 views

Cross-Site Scripting (XSS) Via Sandbox Escaping

angular is vulnerable to cross-site scripting attacks. A malicious user can inject arbitrary JavaScript by executing angular expressions with sandbox escape characters in them. From version 1.6 onwards, the sandbox feature has been removed from angular. To mitigate this issue, developers...

6.1 AI score
Exploits 0

Hacker One
added 2017/01/10 7:16 p.m., 110 views

Rockstar Games: [IMP] - Blind XSS in the admin panel for reviewing comments

@anshumanbh discovered that it is possible to exploit a Blind XSS vulnerability under the "MOUTHOFF TO ROCKSTAR" section while providing feedback. The result is an XSS vulnerability being exploited on an internal Rockstar Games domain. The way this worked was that an attacker would submit a...

5.8 AI score
Exploits 0