Vulnerabilities > Angularjs > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-09 CVE-2024-8372 Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.
network
low complexity
angularjs netapp
4.3
4.3
2024-09-09 CVE-2024-8373 Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue.
network
low complexity
angularjs netapp
4.3
4.3
2023-03-30 CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression.
network
low complexity
angularjs fedoraproject
5.3
5.3
2023-03-30 CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression.
network
low complexity
angularjs fedoraproject
5.3
5.3
2023-03-30 CVE-2023-26118 Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality.
network
low complexity
angularjs fedoraproject
5.3
5.3
2022-07-15 CVE-2022-25869 Cross-site Scripting vulnerability in Angularjs Angular
All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
network
low complexity
angularjs CWE-79
6.1
6.1
2020-06-08 CVE-2020-7676 Cross-site Scripting vulnerability in Angularjs Angular.Js
angular.js prior to 1.8.0 allows cross site scripting.
network
low complexity
angularjs CWE-79
5.4
5.4
2020-01-02 CVE-2019-14863 Cross-site Scripting vulnerability in multiple products
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
network
low complexity
angularjs redhat CWE-79
6.1
6.1