RSS   Vulnerabilities for 'Angular.js'   RSS

2020-06-08
 
CVE-2020-7676

CWE-79
 

 
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.

 
2020-01-02
 
CVE-2019-14863

CWE-79
 

 
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

 
2019-11-19
 
CVE-2019-10768

CWE-20
 

 
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

 


Copyright 2020, cxsecurity.com

 

Back to Top