
308 matches found

Prion
added 2018/06/04 7:29 p.m. · 12 views

Cross site scripting

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid...

CVSS 4.3 · AI score 5.9 · EPSS 0.00491
Exploits: 1 · References: 3 · Affected Software: 1
CVE
added 2018/06/04 7:0 p.m. · 65 views

CVE-2017-16009

The CVE-2017-16009 entry affects ag-grid when used with AngularJS, where Angular Expressions can be exploited to trigger Cross-site Scripting (XSS). The vulnerability arises from how AngularJS interacts with ag-grid, enabling injected expressions to run in the context of the page. Several connect...

CVSS 6.1 · AI score 5.9 · EPSS 0.00491
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2018/06/04 7:0 p.m. · 14 views

CVE-2017-16009

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid...

AI score 5.9 · EPSS 0.00491
Exploits: 1 · References: 3
Positive Technologies
added 2018/06/04 12:0 a.m. · 3 views

PT-2018-6038 · Ag Grid +1 · Ag-Grid +1

Name of the Vulnerable Software and Affected Versions: ag-grid (affected versions not specified). Description: The issue concerns Cross-site Scripting (XSS) via Angular Expressions when ag-grid is used in combination with AngularJS. Recommendations: Avoid using ag-grid in combination with AngularJS...

CVSS 6.1 · AI score 5.9 · EPSS 0.00491
Exploits: 1 · References: 8
GitLab Advisory Database
added 2018/06/04 12:0 a.m. · 14 views

Cross-site Scripting

ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid...

CVSS 6.1 · AI score 2.8 · EPSS 0.00491
Exploits: 1 · References: 2 · Affected Software: 1
Hacker One
added 2018/05/18 7:25 p.m. · 30 views

Rockstar Games: stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter

In this report, the researcher discovered that registering for our Support site using the Zendesk Registration Form allowed for entering an AngularJS Template Injection payload as the Username. This could have allowed an attacker to perform Stored XSS attacks or similar. We deployed a fix for thi...

AI score 2
Exploits: 0
n0where
added 2018/03/19 12:40 a.m. · 27 views

Intentionally Insecure Webapp for Security Training: OWASP Juice Shop

OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. It was the first application written entirely in JavaScri...

AI score 0.4
Exploits: 0 · References: 6
Hacker One
added 2018/03/10 10:16 p.m. · 28 views

MyCrypto: DOM Based XSS in mycrypto.com

Description & PoC: The "connected successfully" message is printed out without any output sanitation: F271357 This is how it's being printed (this code snippet is taken from mycrypto-master.js, line 4072): F271359 An attacker can simply put his payload at the link and it'll be embedded within the pag...

AI score 5.7
Exploits: 0
Information Security Automation
added 2018/02/04 9:51 p.m. · 48 views

Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted

The last time I was developing dynamic web applications was years ago. I used CGI and PHP back then. Now I am really interested in a modern approach, when you have a Single Page Web Application (SPA) written in HTML and JavaScript, that makes HTTP requests to some external API. It's pretty cool, becaus...

AI score 6.6
Exploits: 0
Snyk
added 2017/10/17 9:0 p.m. · 2 views

Cross-site Scripting (XSS)

Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Browsers mutate attributes values such as javascript:alert1 when they are written to the DOM via innerHTML in various vendor specific ways. In Chrome CLICKME'; var innerHTML = h1.innerHTML;...

CVSS 6.5 · AI score 6.8
Exploits: 0 · References: 2
Hacker One
added 2017/10/04 3:25 a.m. · 18 views

Rockstar Games: Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL]

In this report, the researcher found that due to our implementation of AngularJS on our Support site, we were susceptible to limited-scope code injection attacks. Particularly, they found that by injecting ... blocks in the comment body parameter, they were able to cause errors that could be...

AI score 3.1
Exploits: 0
Hacker One
added 2017/09/26 1:17 p.m. · 47 views

Rockstar Games: Client-side Template Injection in Search, user email/token leak and maybe sandbox escape

In this report, the researcher was able to perform AngularJS Template Injection on our Support site in order to retrieve data, including email address, userid and tokens. Typically, a user is always able to retrieve this information about themselves and on its own, this is known behavior. However...

AI score 0.4
Exploits: 0
Hacker One
added 2017/09/01 5:6 p.m. · 63 views

Rockstar Games: Stored XSS on support.rockstargames.com

In this report, the researcher demonstrated an AngularJS injection that allowed them to leave Stored XSS attacks on Support Community threads. We were able to resolve this issue and others by updating the version of AngularJS we run on the Support site...

AI score 6.6
Exploits: 0
CNVD
added 2017/07/19 12:0 a.m. · 4 views

Biscom Secure File Transfer Injection Vulnerability

Biscom Secure File Transfer (SFT) is a Web-based file transfer solution from Biscom USA. The solution features file sharing, workspace creation and automatic file cleanup. A security vulnerability exists in the Display Name field in Biscom SFT. An attacker can exploit the vulnerability to inject...

CVSS 4.3 · AI score 4.9 · EPSS 0.0028
Exploits: 0 · References: 1
Prion
added 2017/07/18 6:29 p.m. · 14 views

Code injection

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces. This expression will be evaluated by any other authenticated user who views the...

CVSS 4 · AI score 4.6 · EPSS 0.0028
Exploits: 0 · References: 2
NVD
added 2017/07/18 6:29 p.m. · 9 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces. This expression will be evaluated by any other authenticated user who views the...

CVSS 4.3 · AI score 4.5 · EPSS 0.0028
Exploits: 0 · References: 2
CVE
added 2017/07/18 6:0 p.m. · 43 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can supply a valid AngularJS expression ({{ … }}) which will be evaluated by other authenticated users viewing the attacker’s display name. Affected versions are 5.0.0000 t...

CVSS 4.3 · AI score 4.5 · EPSS 0.0028
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2017/07/18 6:0 p.m. · 14 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces. This expression will be evaluated by any other authenticated user who views the...

AI score 4.6 · EPSS 0.0028
Exploits: 0 · References: 2
rapid7community
added 2017/05/31 9:5 p.m. · 70 views

How to Combine D3 with AngularJS

The Benefits and Challenges of D3 Angular Combination: Today we'll be focusing on how to combine D3 with the AngularJS framework. As we all know, Angular and D3 frameworks are very popular, and once they work together they can be very powerful and helpful when creating dashboards. But, they can al...

AI score 6.7
Exploits: 0
Hacker One
added 2017/05/20 1:56 p.m. · 31 views

WordPress: [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection

Hi, By injecting a crafted AngularJS payload into the search endpoint on the WordPress Swag Store, it was possible to achieve reflected XSS further to resolved report 221893. I came across a potential exploitation vector after noticing that a search query for 22 returned 4 in the site title...

AI score 0.5
Exploits: 0