308 matches found
CVE-2024-8373
Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...
CVE-2024-8373 AngularJS improper sanitization in '<source>' element
Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...
CVE-2024-8373 AngularJS improper sanitization in '<source>' element
Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...
CVE-2024-8373
CVE-2024-8373 affects AngularJS across distributions; root cause is improper sanitization of the srcset attribute in HTML elements, enabling potential Content Spoofing. Affected versions are older AngularJS; Debian LTS advisory (DLA-4242) fixes angular.js to 1.8.3-1+deb12u1~deb11u1, and related ...
CVE-2024-8372 AngularJS improper sanitization in 'srcset' attribute
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...
CVE-2024-8372 AngularJS improper sanitization in 'srcset' attribute
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...
CVE-2024-8372
CVE-2024-8372 affects AngularJS; the issue is an improper sanitization of the srcset value (and related attributes) in AngularJS’s HTML rendering, allowing attackers to bypass image source restrictions and potentially enable Content Spoofing. Affected versions include 1.3.0-rc.4 and later. The An...
CVE-2024-8372
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...
AngularJS 安全漏洞
AngularJS is a TypeScript-based open source web application framework from AngularJS Open Source. A security vulnerability exists in AngularJS version 1.3.0-rc.4 and later, which stems from improper cleanup of the srcset attribute value...
AngularJS 安全漏洞
AngularJS is a TypeScript-based open source web application framework from AngularJS Open Source. A security vulnerability exists in AngularJS that stems from mishandling the value of the srcset attribute in the source HTML element, which could allow an attacker to bypass common image source...
CVE-2024-8372
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...
CVE-2024-8373
Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...
Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.
Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details CVEID:CVE-2023-26117 DESCRIPTION: AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the $resource service. By providing...
PT-2024-38978
Name of the Vulnerable Software and Affected Versions: AngularJS versions all Description: The issue is related to improper sanitization of the value of the srcset attribute in HTML elements in AngularJS, allowing attackers to bypass common image source restrictions. This can also lead to a form ...
PT-2024-38977
Name of the Vulnerable Software and Affected Versions: AngularJS versions 1.3.0-rc.4 and greater Description: The issue is due to improper sanitization of the value of the srcset attribute in AngularJS, allowing attackers to bypass common image source restrictions. This can lead to a form of...
RHEL 6 : angularjs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - angularjs: Regular Expression Denial of Service via the element CVE-2023-26118 - Versions of the package...
RHEL 9 : Red Hat OpenStack Platform 17.0 (python-XStatic-Angular) (RHSA-2023:0274)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0274 advisory. Angular JavaScript library packaged for setuptools easyinstall / pip. Security Fixes: Prototype pollution in merge function could result in code...
BIT-GRAFANA-2021-41174 XSS vulnerability allowing arbitrary JavaScript execution
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
Security Bulletin: Multiple AngularJS Vulerabilities Affects IBM OpenPages with Watson
Summary AngularJS library is used by IBM OpenPages. Multiple vulnerabilties are being disclosed from AngularJS within this bulletin. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2023-26117 DESCRIPTION: AngularJS is vulnerable to a denial of service, caused by a regular...
PortSwigger Web Security: CSP bypass on PortSwigger.net using Google script resources
A cross-site scripting vulnerability was discovered on PortSwigger.net. The site's content security policy allowed resources from Google's reCAPTCHA domain, which contains AngularJS. This could be abused to bypass the CSP and load arbitrary scripts from other domains. The issue allowed an attacke...