{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/sicuro24-sicuroweb/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.7,"id":"CVE-2026-41468"}],"_cs_exploited":false,"_cs_products":["Sicuro24 SicuroWeb","AngularJS"],"_cs_severities":["high"],"_cs_tags":["cve-2026-41468","angularjs","template-injection","mitm"],"_cs_type":"advisory","_cs_vendors":["Beghelli"],"content_html":"\u003cp\u003eBeghelli Sicuro24 SicuroWeb is vulnerable due to its inclusion of AngularJS version 1.5.2, which is an end-of-life component with known sandbox escape primitives. This vulnerability, tracked as CVE-2026-41468, can be exploited via template injection present within the SicuroWeb application. When combined, these vulnerabilities allow a network-adjacent attacker to bypass the AngularJS sandbox and achieve arbitrary JavaScript execution within the browser sessions of SicuroWeb operators. The attack is facilitated by plaintext HTTP deployments, where a man-in-the-middle (MITM) attacker can inject the malicious payload without requiring active user interaction. This issue exposes operators to potential session hijacking, DOM manipulation, and persistent browser compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker positions themselves as a Man-in-the-Middle (MITM) on the network.\u003c/li\u003e\n\u003cli\u003eOperator initiates a session with the vulnerable Beghelli Sicuro24 SicuroWeb application over plaintext HTTP.\u003c/li\u003e\n\u003cli\u003eThe MITM attacker intercepts the HTTP traffic between the operator and the SicuroWeb application.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a malicious AngularJS template injection payload into the HTTP response destined for the operator\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe operator\u0026rsquo;s browser processes the injected HTTP response, rendering the malicious AngularJS template.\u003c/li\u003e\n\u003cli\u003eThe injected AngularJS template leverages known sandbox escape primitives present in AngularJS 1.5.2.\u003c/li\u003e\n\u003cli\u003eThe sandbox escape allows the attacker to execute arbitrary JavaScript code within the operator\u0026rsquo;s browser session.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the arbitrary JavaScript execution to perform actions such as session hijacking, DOM manipulation for credential harvesting, or establishing persistent browser compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41468 can lead to significant compromise of Beghelli Sicuro24 SicuroWeb operator sessions. An attacker can hijack active sessions, steal credentials through DOM manipulation, or establish persistent control over the operator\u0026rsquo;s browser. Due to the lack of specific victim numbers or sector targeting information, the potential scope of damage is difficult to quantify but highly dependent on the privileges associated with compromised operator accounts. A successful attack could enable unauthorized access to sensitive data, system configurations, or control functions managed by the SicuroWeb application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious AngularJS Template Injection\u003c/code\u003e to identify potential exploitation attempts against web applications leveraging AngularJS, focusing on HTTP requests containing suspicious template expressions.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring for HTTP traffic to detect potential MITM attacks, focusing on connections to the SicuroWeb application, using the rule \u003ccode\u003eDetect Plaintext HTTP Traffic\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpgrade Beghelli Sicuro24 SicuroWeb to a version that no longer utilizes AngularJS 1.5.2 or implement a robust Content Security Policy (CSP) to mitigate the impact of potential template injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-beghelli-sicuro24-angularjs/","summary":"Beghelli Sicuro24 SicuroWeb is vulnerable to arbitrary JavaScript execution due to embedding an end-of-life AngularJS 1.5.2 component with known sandbox escape primitives combined with template injection, enabling attackers to compromise operator browser sessions via MITM attacks.","title":"Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection","url":"https://feed.craftedsignal.io/briefs/2024-01-03-beghelli-sicuro24-angularjs/"}],"language":"en","title":"CraftedSignal Threat Feed — Sicuro24 SicuroWeb","version":"https://jsonfeed.org/version/1.1"}