CVE-2024-8373

Published: Sep 9, 2024Modified: Nov 20, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Affected (4)

Products: Angularjs: Angularjs · Netapp: Active Iq Unified Manager

1 product

1 product

Active Iq Unified Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Angularjs Angularjs	Up to 1.8.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Active Iq Unified Manager	All versions
Netapp Active Iq Unified Manager	All versions

Related CWEs

Incomplete Filtering of Special Elements

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

References (4)

https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b

Source: 36c7be3b-2937-45df-85ea-ca7133ea542c

ExploitThird Party Advisory

https://www.herodevs.com/vulnerability-directory/cve-2024-8373

Source: 36c7be3b-2937-45df-85ea-ca7133ea542c

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20241122-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.