AngularJS 1.2.6

CPE Details

AngularJS 1.2.6
angularjs
angular.js
1.2.6
2019-12-05
19h06 +00:00
2019-12-05
19h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:angularjs:angular.js:1.2.6:*:*:*:*:*:*:*

Informations

Vendor

angularjs

Product

angular.js

Version

1.2.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-8373 2024-09-09 14h48 +00:00 Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
4.8
Medium
CVE-2020-7676 2020-06-08 11h34 +00:00 angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "
5.4
Medium
CVE-2019-14863 2020-01-02 13h20 +00:00 There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
6.1
Medium
CVE-2019-10768 2019-11-19 19h07 +00:00 In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
7.5
High