308 matches found
GHSA-M2H2-264F-F486 angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very...
AngularJS security vulnerability
AngularJS is an open source web application framework based on TypeScript. A security vulnerability exists in AngularJS version 1.7.0 and above, which stems from the fact that it provides a customized zone rule that can be used to assign a parameter in posPre, which can be exploited by an attacke...
Regular Expression Denial of Service (ReDoS)
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of...
AngularJS Unsupported Version
The installation of AngularJS detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
FreeBSD : Grafana -- XSS (4b478274-47a0-11ec-bd24-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4b478274-47a0-11ec-bd24-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. In affected versions if an...
XSS vulnerability allowing arbitrary JavaScript execution
Today we are releasing Grafana 8.2.3. This patch release includes an important security fix for an issue that affects all Grafana versions from 8.0.0-beta1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise customers we...
[ASA-202111-5] grafana: cross-site scripting
Arch Linux Security Advisory ASA-202111-5 ========================================= Severity: Medium Date : 2021-11-05 CVE-ID : CVE-2021-41174 Package : grafana Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2517 Summary ======= The package grafana before versi...
CVE-2021-41174
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
CVE-2021-41174
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
UBUNTU-CVE-2021-41174
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
Path traversal
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
CVE-2021-41174 XSS vulnerability allowing arbitrary JavaScript execution
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...
CVE-2021-41174
Summary of CVE-2021-41174 (Grafana): Grafana 8.x is vulnerable to an AngularJS rendering cross-site scripting (XSS) when an attacker entices a victim to visit a crafted URL containing AngularJS interpolation bindings (e.g., {{…}}). The exploit requires the victim to be unauthenticated and to visi...
CVE-2021-41174
A cross-site scripting (XSS) vulnerability in grafana allows an attacker to execute arbitrary JavaScript code in the browser of a victim user. An attacker may send a link referencing a page where the victim is unauthenticated and contains the login button and including interpolation binding...
grafana cross-site scripting vulnerability
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus. A cross-site scripting vulnerability exists in Grafana that stems from a failure to validate a URL,...
Grafana -- XSS
Grafana Labs reports: If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim’s browser. The user visiting the malicious link must be unauthenticated, and the link must be for a page th...
Security Bulletin: Multiple vulnerabilities in AngularJS
Summary IBM has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web pa...
Security Bulletin: IBM MQ Appliance is affected by multiple AngularJS vulnerabilities
Summary IBM MQ Appliance has resolved multiple AngularJS vulnerabilities. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject...
Acronis: Self-DoS due to template injection via email field in password reset form on access.acronis.com
Summary Hi Acronis security team, how are you? I hope everyone is OK on the other side of the screen. I found Template Injection in https://access.acronis.com/resetpassword/new via the mail input. Steps To Reproduce: 1. Open https://access.acronis.com/resetpassword/new and Enter the mail Payloa...
Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS
Summary Multiple vulnerabilities have been found in jQuery, Bootstrap and AngularJS libraries that are used by IBM License Key Server (LKS) Administration and Reporting Tool (ART). Mitigations have been identified and a fix has been published. Vulnerability Details CVEID: CVE-2019-14863 DESCRIPTION:...