308 matches found
CVE-2019-10768
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...
CVE-2020-6200
The SAP Commerce SmartEdit Extension, versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the Angular framework...
Cross site scripting
The SAP Commerce SmartEdit Extension, versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the Angular framework...
CVE-2020-6200
SAP Commerce SmartEdit Extension (versions 6.6, 6.7, 1808, 1811) is affected by a client-side AngularJS template injection vulnerability (a type of XSS) in Angular templating facilities. Root cause: improper handling of template data in the client, per the CVE-2020-6200 descriptions. Impact is XS...
GHSA-R5FX-8R73-V86C AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation: Upgrade to version 1.5.0-beta.1 or...
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation: Upgrade to version 1.5.0-beta.1 or...
Security Bulletin: IBM InfoSphere Information Analyzer is affected by an AngularJS client-side template injection vulnerability
Summary: An AngularJS client-side template injection vulnerability was addressed by IBM InfoSphere Information Analyzer. Vulnerability Details: CVEID: CVE-2019-4660. DESCRIPTION: It is possible to inject AngularJS template syntax in an internal page request within Information Analyzer, which is...
AngularJS Cross-Site Scripting Vulnerability
AngularJS is a TypeScript-based open source web application framework. A cross-site scripting vulnerability exists in AngularJS, which stems from the lack of proper validation of client-side data in a web application and can be exploited by an attacker to execute client-side code...
Prototype Pollution
AngularJS is vulnerable to prototype pollution. An attacker is able to add or modify properties of the Object.prototype by using a malicious `__proto__` object in the merge function, resulting in possible execution of arbitrary code...
AngularJS Input Validation Error Vulnerability
AngularJS is a TypeScript-based open source web application framework. An input validation error vulnerability exists in AngularJS versions prior to 1.7.9, which can be exploited by an attacker via the `__proto__` payload to trick the merge function into adding or modifying properties of Object.prototy...
CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload...
DEBIAN-CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload...
UBUNTU-CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload...
Code injection
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload...