<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
  <title>CVE Daily – AngularJS</title>
  <link>https://cvedaily.com/pages/tags/angularjs.html</link>
  <atom:link href="https://cvedaily.com/feed-tags/angularjs.xml" rel="self" type="application/rss+xml"/>
  <description>CVE Daily – AngularJS</description>
  <language>en</language>
  <lastBuildDate>Wed, 03 Jun 2026 21:26:53 +0000</lastBuildDate>
  <item>
    <title>[High] CVE-2026-41468 – Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component con...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2026-41468</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2026-41468</guid>
    <pubDate>Wed, 22 Apr 2026 19:17:08 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk high">High</span> CVE-2026-41468</strong></p>
  <p>Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser…</p>
  <p><strong>CVSS:</strong> 8.7 · <strong>CWE:</strong> CWE-1104</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-41468">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2026-22191 – Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that all...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2026-22191</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2026-22191</guid>
    <pubDate>Fri, 13 Mar 2026 19:54:09 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2026-22191</strong></p>
  <p>Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by the AngularJS 1.5.2 runtime to achieve arbitrary JavaScript execution in operator browser sessions, wi…</p>
  <p><strong>CVSS:</strong> 5.2 · <strong>CWE:</strong> CWE-1336</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22191">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2025-4690 – A regular expression used by AngularJS'  linky https://docs.angularjs.org/api/ng...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2025-4690</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2025-4690</guid>
    <pubDate>Tue, 19 Aug 2025 14:15:39 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2025-4690</strong></p>
  <p>A regular expression used by AngularJS' <a href="https://docs.angularjs.org/api/ngSanitize/filter/linky">linky</a> filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a <a href="https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS">Regular expression Denial of Service (ReDoS)</a> attack on th…</p>
  <p><strong>CVSS:</strong> 4.3 · <strong>CWE:</strong> CWE-1333</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4690">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2025-2336 – Improper sanitization of the value of the 'href' and 'xlink:href' attributes in ...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2025-2336</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2025-2336</guid>
    <pubDate>Wed, 04 Jun 2025 17:15:28 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2025-2336</strong></p>
  <p>Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '&lt;image&gt;' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of <a href="https://owasp.org/www-community/attacks/Content_Spoofing">Content Spoofing</a> and also negatively affect the application's performance and behavior by using too large or slow-…</p>
  <p><strong>CVSS:</strong> 4.8 · <strong>CWE:</strong> CWE-791</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-2336">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2025-0716 – Improper sanitization of the value of the 'href' and 'xlink:href' attributes in ...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2025-0716</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2025-0716</guid>
    <pubDate>Tue, 29 Apr 2025 17:15:39 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2025-0716</strong></p>
  <p>Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '&lt;image&gt;' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of <a href="https://owasp.org/www-community/attacks/Content_Spoofing">Content Spoofing</a> and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This…</p>
  <p><strong>CVSS:</strong> 4.8 · <strong>CWE:</strong> CWE-791</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-0716">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2024-8373 – Improper sanitization of the value of the [srcset] attribute in &lt;source&gt; HTML el...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2024-8373</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2024-8373</guid>
    <pubDate>Mon, 09 Sep 2024 15:15:12 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2024-8373</strong></p>
  <p>Improper sanitization of the value of the [srcset] attribute in &lt;source&gt; HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of <a href="https://owasp.org/www-community/attacks/Content_Spoofing">Content Spoofing</a>. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to a…</p>
  <p><strong>CVSS:</strong> 4.8 · <strong>CWE:</strong> CWE-791</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-8373">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2024-8372 – Improper sanitization of the value of the 'srcset' attribute in AngularJS allows...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2024-8372</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2024-8372</guid>
    <pubDate>Mon, 09 Sep 2024 15:15:12 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2024-8372</strong></p>
  <p>Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of <a href="https://owasp.org/www-community/attacks/Content_Spoofing">Content Spoofing</a>. This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address thi…</p>
  <p><strong>CVSS:</strong> 4.8 · <strong>CWE:</strong> CWE-1289</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-8372">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2022-27665 – Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipsw...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2022-27665</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2022-27665</guid>
    <pubDate>Mon, 03 Apr 2023 14:15:07 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2022-27665</strong></p>
  <p>Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Sid…</p>
  <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-27665">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2022-25869 – All versions of the package angular; all versions of the package angularjs.core;...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2022-25869</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2022-25869</guid>
    <pubDate>Fri, 15 Jul 2022 20:15:08 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2022-25869</strong></p>
  <p>All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of &lt;textarea&gt; elements.</p>
  <p><strong>CVSS:</strong> 4.2 · <strong>CWE:</strong> CWE-79</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-25869">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2021-41174 – Grafana is an open-source platform for monitoring and observability. In affected...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2021-41174</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2021-41174</guid>
    <pubDate>Wed, 03 Nov 2021 18:15:08 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2021-41174</strong></p>
  <p>Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the…</p>
  <p><strong>CVSS:</strong> 6.9 · <strong>CWE:</strong> CWE-79</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-41174">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2021-32816 – ProtonMail Web Client is the official AngularJS web client for the ProtonMail se...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2021-32816</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2021-32816</guid>
    <pubDate>Fri, 14 May 2021 18:15:07 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2021-32816</strong></p>
  <p>ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced GHSL-2021-027.</p>
  <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> CWE-400</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-32816">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2020-6200 – The SAP Commerce (SmartEdit Extension), versions 6.6, 6.7, 1808, 1811, is vulne...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2020-6200</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2020-6200</guid>
    <pubDate>Tue, 10 Mar 2020 21:15:14 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2020-6200</strong></p>
  <p>The SAP Commerce (SmartEdit Extension), versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the angular framework.</p>
  <p><strong>CVSS:</strong> 5.4 · <strong>CWE:</strong> CWE-79</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-6200">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[High] CVE-2019-10768 – In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2019-10768</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2019-10768</guid>
    <pubDate>Tue, 19 Nov 2019 21:15:11 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk high">High</span> CVE-2019-10768</strong></p>
  <p>In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.</p>
  <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-1321</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10768">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[High] CVE-2019-11354 – The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template inj...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2019-11354</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2019-11354</guid>
    <pubDate>Fri, 19 Apr 2019 22:29:00 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk high">High</span> CVE-2019-11354</strong></p>
  <p>The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.</p>
  <p><strong>CVSS:</strong> 7.8 · <strong>CWE:</strong> CWE-74</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11354">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2017-16009 – ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2017-16009</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2017-16009</guid>
    <pubDate>Mon, 04 Jun 2018 19:29:00 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2017-16009</strong></p>
  <p>ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.</p>
  <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-16009">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2017-5246 – Biscom Secure File Transfer is vulnerable to AngularJS expression injection in t...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2017-5246</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2017-5246</guid>
    <pubDate>Tue, 18 Jul 2017 18:29:00 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2017-5246</strong></p>
  <p>Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The issue is fixed in…</p>
  <p><strong>CVSS:</strong> 4.3 · <strong>CWE:</strong> CWE-74</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-5246">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2016-0926 – Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundr...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2016-0926</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2016-0926</guid>
    <pubDate>Sun, 18 Sep 2016 02:59:06 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2016-0926</strong></p>
  <p>Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.</p>
  <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-0926">View on NVD</a></p>
]]>
    </description>
  </item>
  <item>
    <title>[Medium] CVE-2016-4428 – Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 ...</title>
    <link>https://nvd.nist.gov/vuln/detail/CVE-2016-4428</link>
    <guid isPermaLink="true">https://nvd.nist.gov/vuln/detail/CVE-2016-4428</guid>
    <pubDate>Tue, 12 Jul 2016 19:59:03 +0000</pubDate>
    <description>
<![CDATA[
  <p><strong><span class="badge risk medium">Medium</span> CVE-2016-4428</strong></p>
  <p>Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.</p>
  <p><strong>CVSS:</strong> 5.4 · <strong>CWE:</strong> CWE-79</p>
  <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-4428">View on NVD</a></p>
]]>
    </description>
  </item>
</channel>
</rss>
