AngularJS 0.10.3

CPE Details

AngularJS 0.10.3
angularjs
angular.js
0.10.3
2019-12-05
19h06 +00:00
2019-12-05
19h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:angularjs:angular.js:0.10.3:*:*:*:*:*:*:*

Informations

Vendor

angularjs

Product

angular.js

Version

0.10.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-8373 2024-09-09 14h48 +00:00 Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
4.8
Medium
CVE-2020-7676 2020-06-08 11h34 +00:00 angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "
5.4
Medium
CVE-2019-10768 2019-11-19 19h07 +00:00 In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.