Beyond security

Language

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

CVE-2024-8373

Medium

Low Medium High Critical

4.8

CVSS Score

Published: Sep 09, 2024

Last Modified: Nov 20, 2025

Vulnerability Description

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

N

Attack Complexity

H

Privileges Required

N

User Interaction

N

Scope

U

Confidentiality

N

Integrity

L

Availability

L

Known Affected Software

1 configuration(s) from 1 vendor(s)

active_iq_unified_manager

Version:

-

CPE:

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

View All Patches

Canonical (Ubuntu)

USN-7958-1

USN-7958-1: AngularJS vulnerabilities

Severity

Unknown

Released

Jan 14, 2026

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

4.8

out of 10.0

Medium

Key Information

Published Date: September 09, 2024

External Resources

NIST

National Vulnerability Database

Detailed vulnerability info

Official CVE record