Content Security Policy (CSP) Bypass

Overview Affected versions of this package are vulnerable to Content Security Policy CSP Bypass. Extension URIs resource://... bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an...

UBUNTU-CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...

Angular JS template injection vulnerability analysis-vulnerability warning-the black bar safety net

Weekend Mining the vulnerabilities of the process, found an interestingXSS, is to use the Angular JS template to be injected, thereby executing the malicious code, The idea and technology is relatively novel. Angular JS is one of the more popular front end MVC frameworks, many cutting-edge sites...

New Relic: Stored Cross-Site Scripting via Angular Template Injection

It's possible to inject angular expressions into the account settings of a new relic account. This, combined with an angular sandbox escape allows for persistant cross-site scripting which is executed in the browser of any user visiting the affected page. The execution of which could be used to...

Uber: Reflected XSS on developer.uber.com via Angular template injection

developer.uber.com is vulnerable to reflected XSS via Angular template injection. The following url demonstrates the root issue using a trivial payload: https://developer.uber.com/docs/deep-linking?q=wrtz77 If you view the rendered source of the resulting page, you'll find the string 'wrtz49',...

New Relic: Stored XSS through Angular Expression Sandbox Escape

As an Admin of an account, I am able to set the Name of the Account to an Angular expression. This Angular expressions is resolved and executed on the Insights Welcome Page for anyone that is apart of the Account. Due to the ability to invite anyone even current NewRelic users to an Account, it...

Zendesk: Stored XSS via Angular Expression injection on developer.zendesk.com

developer.zendesk.com is vulnerable to stored XSS via Angular template injection. To replicate: Browse to https://developer.zendesk.com Sign up with an arbitrary email address and the following name: "'a'.constructor.prototype.charAt=.join;$eval'x=alert1';" Observe the popup. This is a stored...

Denial of Service and Content Injection

Overview Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. Recommendation Update ...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to unsanitized URIs in ng-srcset. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. $parse allowed arbitrary code execution via Angular expressions under some very specific conditions. The only applications affected by these vulnerabilities are those that match all of the following conditions:...

Cross-site Scripting (XSS)

Overview AngularJS.Core is a AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. DOM event handlers await events to occur e.g. onclick, onkeypress, etc and execute arbitrary Javascript code in accordance to the...