308 matches found
Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
CVE-2026-44643
CVE-2026-44643 affects the standalone Angular Expressions module used with AngularJS. Before version 1.5.2, an attacker can craft a malicious expression using filters that escapes the sandbox and leads to arbitrary code execution on the system. The vulnerability is fixed in 1.5.2. Affected descri...
GHSA-G485-8J3V-P6X8 @tdurieux/anonymous_github Vulnerable to XSS via Unsanitized GitHub Repository Content Rendering in Anonymous GitHub Origin
Summary Anonymous GitHub fetches repository content e.g., markdown files from GitHub's API and renders it without sanitization. On the client side, markdown is parsed with marked with sanitize: false and injected into the DOM via $sce.trustAsHtml + ng-bind-html, bypassing AngularJS's built-in XSS...
EUVD-2026-25075
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...
CVE-2026-41468
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...
CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...
CVE-2026-41468
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...
CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...
CVE-2026-41468
Beghelli Sicuro24 SicuroWeb uses AngularJS 1.5.2, an end-of-life component, which together with in-app template injection enables sandbox escape and arbitrary JavaScript execution in operator browser sessions. This can lead to session hijacking, DOM manipulation, and persistent browser compromise...
PT-2026-34540
Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript executi...
Beghelli Sicuro24 SicuroWeb 安全漏洞
Beghelli Sicuro24 SicuroWeb is a remote security monitoring and alarm management platform provided by the Italian company Beghelli. There are security vulnerabilities in Beghelli Sicuro24 SicuroWeb. These vulnerabilities stem from the inclusion of AngularJS 1.5.2, which contains known sandbox...
Ubuntu: Security Advisory (USN-7958-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7958-1: AngularJS vulnerabilities
It was discovered that AngularJS did not properly sanitize certain xlink:href attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. CVE-2019-14863 It was discovered that AngularJS incorrectly handled certain regular...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : AngularJS vulnerabilities (USN-7958-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7958-1 advisory. It was discovered that AngularJS did not properly sanitize certain xlink:href attributes. A remot...
CVE-2019-11354
The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...
Linux Distros Unpatched Vulnerability : CVE-2025-4690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to...
EUVD-2017-14351
Malware in sbrugna...
EUVD-2020-27350
Malware in sbrugna...
EUVD-2021-19566
Malware in sbrugna...
EUVD-2020-1346
Malware in sbrugna...