308 matches found
PT-2025-23829
Name of the Vulnerable Software and Affected Versions AngularJS versions 1.3.1 and later Description The issue is related to improper sanitization of the href and xlink:href attributes in SVG elements in the ngSanitize module. This allows attackers to bypass common image source restrictions,...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
CVE-2021-32816
ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced...
CVE-2020-6200
The SAP Commerce SmartEdit Extension, versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting XSS that exploits the templating facilities of the angular framework...
Content Spoofing
AngularJS is vulnerable to Content Spoofing. The vulnerability is due to improper sanitization of the 'href' and 'xlink:href' attributes in SVG elements, which allows attackers to bypass image source restrictions...
Incomplete Filtering of Special Elements
Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements due to improper sanitization of the href and xlink:href attributes in SVG elements. An attacker can bypass image source restrictions and negatively affect the application's performance and behavi...
Incomplete Filtering of Special Elements
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements due to improper sanitization of the href and xlink:href attributes in SVG elements. An attacker can bypass image...
GHSA-J58C-WW9W-PWP5 AngularJS improperly sanitizes SVG elements
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
AngularJS improperly sanitizes SVG elements
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
DEBIAN-CVE-2025-0716
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
CVE-2025-0716
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
CVE-2025-0716
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
CVE-2025-0716
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
CVE-2025-0716 AngularJS improper sanitization in SVG '<image>' element
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
CVE-2025-0716
CVE-2025-0716 is a vulnerability in AngularJS where improper sanitization of the href and xlink:href attributes in SVG elements can bypass image-source restrictions and enable Content Spoofing, potentially affecting performance due to large or slow-loading images. Affects all versions of Angular...
CVE-2025-0716 AngularJS improper sanitization in SVG '<image>' element
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
AngularJS 安全漏洞
AngularJS is a TypeScript-based open source web application framework from AngularJS Open Source. A security vulnerability exists in AngularJS that stems from improper cleanup of the href and xlink:href attributes in SVG elements, which could lead to content spoofing and performance issues...
PT-2025-18187
Name of the Vulnerable Software and Affected Versions AngularJS versions prior to the end of life, as no specific fixed version is mentioned and the project is End-of-Life. Description The issue is related to improper sanitization of the href and xlink:href attributes in SVG elements, allowing...
CVE-2024-8372
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...
F5 Networks BIG-IP : AngularJS XSS vulnerability (K32412075)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K32412075 advisory. angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code...