308 matches found
CVE-2021-32816
ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced...
Code injection
ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced...
CVE-2021-32816
ProtonMail Web Client (AngularJS) before v3.16.60 is affected by a regular expression denial-of-service vulnerability. The issue stems from the regex handling in the Web Client and can be triggered client-side, leading to resource exhaustion. It has been fixed in commit 6687fb. A full report is a...
AngularJS ProtonMail Web Client Resource Management Error Vulnerability
AngularJS is an open source web application framework based on TypeScript. ProtonMail Web Client is an AngularJS web client. AngularJS ProtonMail Web Client is vulnerable to a resource management error vulnerability that stems from the presence of a regular expression denial of service vulnerabili...
AngularJS < 1.8.0 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.8.0. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability through the wrapping of elements in ones. Note that the scanner has not tested for these issues but has instead relied only on the application's...
AngularJS < 1.7.9 Prototype Pollution
According to its self-reported version number, AngularJS is prior to 1.7.9. Therefore, it may be affected by a prototype pollution vulnerability through the merge function. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
AngularJS: Prototype pollution in merge function could result in code injection
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...
U.S. Dept Of Defense: Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site
Summary: A publicly accessible endpoint at PUT https://████████does not validate any of its four parameters: to, from, subject, text. This enables sending email to any address, with any content, with any from address, on a server that is in ██████whitelist. Such services include, but are not...
AngularJS: Prototype pollution in merge function could result in code injection
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...
Security Bulletin: Multiple vulnerabilities in AngularJS and jQuery affect IBM Spectrum LSF Simulator
Summary There are multiple vulnerabilities in AngularJS and jQuery used by IBM Spectrum LSF Simulator. IBM Spectrum LSF Simulator has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
GHSA-WFW3-RGFR-6G67 XSS via Angular Expression in ag-grid
Affected versions of ag-grid are vulnerable to Cross-site Scripting XSS via Angular Expressions, if used in combination with AngularJS. Recommendation Avoid using ag-grid in combination with AngularJS until a fix is available...
XSS via Angular Expression in ag-grid
Affected versions of ag-grid are vulnerable to Cross-site Scripting XSS via Angular Expressions, if used in combination with AngularJS. Recommendation Avoid using ag-grid in combination with AngularJS until a fix is available...
BugPoC: Solution for XSS challenge calc.buggywebsite.com
Summary: http://calc.buggywebsite.com/ is an Angular site designed as a calculator. After observing the source code, there is an iframe, frame.html, with the functionality of displaying the data of postMessage in the webpage. window.addEventListener("message", receiveMessage, false); function...
XSS via JQLite DOM manipulation functions in AngularJS
Summary XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. Description JQLite DOM manipulation library...
GHSA-5CP4-XMRW-59WF XSS via JQLite DOM manipulation functions in AngularJS
Summary XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. Description JQLite DOM manipulation library...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith,...
AngularJS Cross-Site Scripting Vulnerability (CNVD-2020-53539)
AngularJS is a TypeScript-based open source web application framework. A cross-site scripting vulnerability exists in angular.js versions prior to 1.8.0. The vulnerability stems from the lack of proper validation of client-side data in the web application. An attacker can exploit the vulnerabilit...
UBUNTU-CVE-2020-7676
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...
Cross-site Scripting (XSS)
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing...
Security Bulletin: IBM Tivoli Netcool Impact is affected by an Arbitrary Script Injection vulnerability (CVE-2019-4681)
Summary IBM Tivoli Netcool Impact has addressed the following Arbitrary Script Injection vulnerability. Affected version of AngularJS shipped as a component of IBM Tivoli Netcool Impact. Vulnerability Details CVEID: CVE-2019-4681 DESCRIPTION: IBM Tivoli Netcool Impact is vulnerable to cross-site...