Vulnerabilities > Angularjs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-09 | CVE-2024-8372 | Unspecified vulnerability in Angularjs Angular.Js Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. | 4.3 |
| 2024-09-09 | CVE-2024-8373 | Unspecified vulnerability in Angularjs Angular.Js Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. | 4.3 |
| 2024-02-10 | CVE-2024-21490 | Unspecified vulnerability in Angularjs Angular.Js This affects versions of the package angular from 1.3.0. | 7.5 |
| 2023-03-30 | CVE-2023-26116 | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. | 5.3 |
| 2023-03-30 | CVE-2023-26117 | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. | 5.3 |
| 2023-03-30 | CVE-2023-26118 | Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. | 5.3 |
| 2022-07-15 | CVE-2022-25869 | Cross-site Scripting vulnerability in Angularjs Angular All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. | 6.1 |
| 2022-05-01 | CVE-2022-25844 | The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. | 7.5 |
| 2020-06-08 | CVE-2020-7676 | Cross-site Scripting vulnerability in Angularjs Angular.Js angular.js prior to 1.8.0 allows cross site scripting. | 5.4 |
| 2020-01-02 | CVE-2019-14863 | Cross-site Scripting vulnerability in multiple products There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 6.1 |