Incomplete Filtering of Special Elements

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements due to improper sanitization of the href and xlink:href attributes in SVG elements. An attacker can bypass image...

Improper Validation of Unsafe Equivalence in Input

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the srcset attribute, which allows bypassing the imgSrcSanitizationTrustedUrlList allowlist. An attacke...

Incomplete Filtering of Special Elements

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements. The srcset attribute in an HTML element can be a vector for content spoofing. An attacker can manipulate the conten...

Regular Expression Denial of Service (ReDoS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this...

Regular Expression Denial of Service (ReDoS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is...

DEBIAN-CVE-2022-25869

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements...

UBUNTU-CVE-2022-25869

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements...

CVE-2022-25869

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements...

Cross-site Scripting (XSS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements. Details Cross-site scripting ...

Regular Expression Denial of Service (ReDoS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of...

Cross-site Scripting (XSS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing...

Prototype Pollution

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Prototype Pollution. The function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload. PoC by Snyk...

Arbitrary Script Injection

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast pat...

Cross-site Scripting (XSS)

Overview AngularJS.Core is a AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Concatenating expressions makes it hard to reason about whether some combination of concatenated values are unsafe to use and could...