CVE-2024-8372
AngularJS improper sanitization in 'srcset' attributeImproper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
We have discovered 382,575 live websites that are affected by CVE-2024-8372.
Affected Software
| Product |  AngularJS |
| Category | JavaScript Frameworks |
| Vulnerable Domains | 382,575 live websites (92.65% of AngularJS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 49 versions ( 37.40% of all versions) |
Common Weakness Enumeration
CWE-1289 Improper Validation of Unsafe Equivalence in InputDetails
- Published - Sep 9, 2024
- Updated - Nov 22, 2024
CWE
CVE References
CWE References
CVE-2024-8372 usage by Country
 United States | 64,089 websites |
 Israel | 290,187 websites |
 Germany | 4,560 websites |
 GB | 3,792 websites |
 Brazil | 2,729 websites |
 Switzerland | 2,170 websites |
 France | 1,541 websites |
 Italy | 1,091 websites |
 Netherlands | 1,079 websites |
 Australia | 1,058 websites |
CVE-2024-8372 usage by TLD
| .com | 241,271 websites |
| .org | 19,171 websites |
| .co.uk | 17,158 websites |
| .net | 11,346 websites |
| .com.br | 10,577 websites |
| .de | 8,118 websites |
| .com.au | 6,035 websites |
| .ch | 5,384 websites |
| .fr | 5,055 websites |
| .ca | 4,834 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8372
Top websites that are affected by CVE-2024-8372. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.***********.com | United States | ** | |
| **********.com | United States | *** | |
| ****.ru |  Russia | *,*** | |
| ***.cn |  China | *,*** | |
| ******.com | United States | *,*** | |
| *******.org | United States | **,*** | |
| ******************.***.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| ************.***.com | United States | **,*** | |
| *******.com | United States | **,*** |
FAQ
CVE-2024-8372 is Improper Validation of Unsafe Equivalence in Input in AngularJS
A total of 382,575 websites have been identified as vulnerable to CVE-2024-8372, discovered through global website indexing conducted by WebTechSurvey.
AngularJS is susceptible to CVE-2024-8372 vulnerability.
AngularJS versions before 1.3 are vulnerable to CVE-2024-8372.
Version 1.3 of AngularJS addresses the CVE-2024-8372 security vulnerability.