How severe is CVE-2024-8372?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-8372?

This is classified as CWE-1289, which is a common weakness in software security.

CVE-2024-8372 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Related Vulnerabilities

CVE-2022-0675

CRITICAL

CVSS:9.8(Critical)

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist ...

CWE-12892022

CVE-2024-45179

HIGH

CVSS:7.2(High)

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was...

CWE-12892024

CVE-2024-42219

HIGH

CVSS:7.0(High)

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.

CWE-12892024

CVE-2024-45308

MEDIUM

CVSS:6.5(Medium)

HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing ...

CWE-12892024

CVE-2024-42218

MEDIUM

CVSS:6.3(Medium)

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.

CWE-12892024

CVE-2024-12224

MEDIUM

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while ano...

CWE-12892024