
CVE-2025-23658 – WordPress Advanced Angular Contact Form plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23658
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form allows Reflected XSS. This issue affects Advanced Angular Contact Form: from n/a through 1.1.0. The Advanced Angular Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ... • https://patchstack.com/database/wordpress/plugin/advanced-angular-contact-form/vulnerability/wordpress-advanced-angular-contact-form-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-42640 – Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2024-42640
11 Oct 2024 — angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://packetstorm.news/files/id/190263 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-21490
https://notcve.org/view.php?id=CVE-2024-21490
10 Feb 2024 — This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). • https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746 • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2023-34840
https://notcve.org/view.php?id=CVE-2023-34840
30 Jun 2023 — angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability. • https://github.com/Xh4H/CVE-2023-34840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-28444 – angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
https://notcve.org/view.php?id=CVE-2023-28444
24 Mar 2023 — angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the... • https://github.com/kyubisation/angular-server-side-configuration/commit/d701f51260637a84ede278e248934e0437a7ff86 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •

CVE-2015-10035 – gperson angular-test-reporter data-server.js addTest sql injection
https://notcve.org/view.php?id=CVE-2015-10035
09 Jan 2023 — A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. • https://github.com/gperson/angular-test-reporter/commit/a29d8ae121b46ebfa96a55a9106466ab2ef166ae • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2021-4231 – Angular Comment cross site scripting
https://notcve.org/view.php?id=CVE-2021-4231
26 May 2022 — A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. • https://github.com/angular/angular/commit/ba8da742e3b243e8f43d4c63aa842b44e14f2b09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-13339
https://notcve.org/view.php?id=CVE-2018-13339
05 Jul 2018 — Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. • https://github.com/TylerGarlick/angular-redactor/issues/77 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-3713
https://notcve.org/view.php?id=CVE-2018-3713
07 Jun 2018 — angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. • https://github.com/ossf-cve-benchmark/CVE-2018-3713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2016-10524
https://notcve.org/view.php?id=CVE-2016-10524
31 May 2018 — i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server, causing a Denial of Service or content injection. • https://github.com/oliversalzburg/i18n-node-angular/commit/877720d2d9bb90dc8233706e81ffa03f99fc9dc8 • CWE-400: Uncontrolled Resource Consumption •