We must thank IT virtualization as it led us to cloud technology. Today's IT infrastructures are already running their mission critical business applications on virtual machines. Like the physical infrastructure, virtualization is also cursed with cyber security challenges. This article talks about a typical open source virtualization solution and depicts the steps to secure it.
Angular JS is a framework by Google (originally developed by Misko Hevery and Adam Abrons) which helps us in building powerful Web Apps. It is a framework for building large-scale, high-performance web applications while keeping them easy to maintain.
Content Security Policy (CSP) Bypass: Affected versions of the package are vulnerable to CSP Bypass. Extension URIs (resource://...) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. If a site already has an XSS bug and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacker can load Angular from the extension, and Angular's auto-bootstrapping can then be used to bypass the victim site's CSP protection.
angular is HTML enhanced for web apps.
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via ideographic space characters in URIs.
Here is an example of what could happen:
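// Write content into the heading through innerHTML
var h1 = document.querySelector('h1');
h1.innerHTML = 'CLICKME';
// Read the serialized markup back and assign it again
// (the round trip that the text below refers to as the mutation)
var innerHTML = h1.innerHTML;
h1.innerHTML = innerHTML;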
The sanitizer contains a bit of code that triggers this mutation on an inert piece of DOM, before Angular sanitizes it.
angularjs is a toolset for building the framework suited to your application development.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through SVG files if enableSvg is set.
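One way to check a code base for the enableSvg condition described above is a small source audit. This is an added example, not code from the original page or from the AngularJS project; the function names findEnableSvg and stripComments and the sample source are constructed for illustration.

```javascript
// Added example: report where ngSanitize's SVG support is switched on.
// findEnableSvg, stripComments and SAMPLE are hypothetical names and data.

// Blank out comments but keep newlines, so reported line numbers stay correct.
// Heuristic: "//" directly after ":" is left alone so URLs are not truncated.
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, ' '))
    .replace(/(^|[^:])\/\/[^\n]*/gm,
      (m, pre) => pre + ' '.repeat(m.length - pre.length));
}

// Return one finding per .enableSvg(...) call with a verdict for triage.
function findEnableSvg(src) {
  const code = stripComments(src);
  const re = /\.enableSvg\s*\(\s*([^)]*?)\s*\)/g;
  const findings = [];
  let m;
  while ((m = re.exec(code)) !== null) {
    const arg = m[1];
    const line = code.slice(0, m.index).split('\n').length;
    let verdict;
    if (arg === '') verdict = 'getter';            // no argument: only reads the setting
    else if (arg === 'false') verdict = 'disabled';
    else if (arg === 'true') verdict = 'enabled';  // the condition the advisory names
    else verdict = 'review';                       // dynamic value: needs a human look
    findings.push({ line, arg, verdict });
  }
  return findings;
}

// Constructed sample input (not taken from any real application).
const SAMPLE = [
  "angular.module('app', ['ngSanitize'])",
  "  .config(function ($sanitizeProvider) {",
  "    // $sanitizeProvider.enableSvg(true);  (commented out, must be ignored)",
  "    $sanitizeProvider.enableSvg(true);",
  "  })",
  "  .config(['$sanitizeProvider', function (p) {",
  "    p.enableSvg(window.allowSvg);",
  "    var now = p.enableSvg();",
  "  }]);",
].join('\n');

// Print only the calls that can turn SVG support on.
console.log(findEnableSvg(SAMPLE).filter((f) => f.verdict !== 'getter'));
```

Findings marked enabled or review are the places to confirm whether SVG sanitization is really needed and whether the AngularJS version in use is an affected one.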
At Valency Networks, we understand your web application and perform the framework-specific checks mentioned above. Our expertise in this matter enables us to be very accurate in terms of our vulnerability finding.