Vulnerabilities > Angularjs

DATE CVE VULNERABILITY TITLE RISK
2024-09-09 CVE-2024-8372 Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.
network
low complexity
angularjs netapp
4.3
4.3
2024-09-09 CVE-2024-8373 Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.
network
low complexity
angularjs netapp
4.3
4.3
2024-02-10 CVE-2024-21490 Unspecified vulnerability in Angularjs Angular.Js
This affects versions of the package angular from 1.3.0.
network
low complexity
angularjs
7.5
7.5
2023-03-30 CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression.
network
low complexity
angularjs fedoraproject
5.3
5.3
2023-03-30 CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression.
network
low complexity
angularjs fedoraproject
5.3
5.3
2023-03-30 CVE-2023-26118 Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality.
network
low complexity
angularjs fedoraproject
5.3
5.3
2022-07-15 CVE-2022-25869 Cross-site Scripting vulnerability in Angularjs Angular
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
network
low complexity
angularjs CWE-79
6.1
6.1
2022-05-01 CVE-2022-25844 The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.
network
low complexity
angularjs fedoraproject netapp
7.5
7.5
2020-06-08 CVE-2020-7676 Cross-site Scripting vulnerability in Angularjs Angular.Js
angular.js prior to 1.8.0 allows cross site scripting.
network
low complexity
angularjs CWE-79
5.4
5.4
2020-01-02 CVE-2019-14863 Cross-site Scripting vulnerability in multiple products
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
network
low complexity
angularjs redhat CWE-79
6.1
6.1