Filtered by vendor Angularjs
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10768 | 1 Angularjs | 1 Angular.js | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. | |||||
| CVE-2022-25844 | 3 Angularjs, Fedoraproject, Netapp | 3 Angular, Fedora, Ontap Select Deploy Administration Utility | 2022-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. | |||||
| CVE-2022-25869 | 1 Angularjs | 1 Angular | 2022-07-21 | N/A | 6.1 MEDIUM |
| All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. | |||||
| CVE-2020-7676 | 1 Angularjs | 1 Angular.js | 2020-10-09 | 3.5 LOW | 5.4 MEDIUM |
| angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. | |||||
| CVE-2019-14863 | 2 Angularjs, Redhat | 3 Angular.js, Decision Manager, Process Automation | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | |||||
| CVE-2017-16009 | 2 Ag-grid, Angularjs | 2 Ag-grid, Angularjs | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid. | |||||