CVE-2024-8373
AngularJS improper sanitization in '<source>' elementImproper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
We have discovered 412,908 live websites that are affected by CVE-2024-8373.
Affected Software
| Product |  AngularJS |
| Category | JavaScript Frameworks |
| Vulnerable Domains | 412,908 live websites (100.00% of AngularJS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 125 versions ( 95.42% of all versions) |
Common Weakness Enumeration
CWE-791 Incomplete Filtering of Special ElementsDetails
- Published - Sep 9, 2024
- Updated - Nov 22, 2024
CWE
CVE References
CWE References
CVE-2024-8373 usage by Country
 United States | 82,819 websites |
 Israel | 290,268 websites |
 Germany | 6,002 websites |
 GB | 4,470 websites |
 Brazil | 3,166 websites |
 Switzerland | 2,422 websites |
 France | 2,402 websites |
 Netherlands | 2,039 websites |
 Russia | 1,563 websites |
 Italy | 1,500 websites |
CVE-2024-8373 usage by TLD
| .com | 257,353 websites |
| .org | 20,430 websites |
| .co.uk | 17,661 websites |
| .net | 12,318 websites |
| .com.br | 11,034 websites |
| .de | 8,773 websites |
| .com.au | 6,364 websites |
| .ch | 5,561 websites |
| .fr | 5,353 websites |
| .ca | 5,308 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8373
Top websites that are affected by CVE-2024-8373. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.***********.com | United States | ** | |
| *****************.******.com | United States | ** | |
| **********.com | United States | *** | |
| **********.com | United States | *** | |
| United States | *** | ||
| *************.**********.com | United States | *,*** | |
| ***.******.com | United States | *,*** | |
| *********.**********.com | United States | *,*** | |
| ************.com | United States | *,*** | |
| *********.com | United States | *,*** |
FAQ
CVE-2024-8373 is Incomplete Filtering of Special Elements in AngularJS
A total of 412,908 websites have been identified as vulnerable to CVE-2024-8373, discovered through global website indexing conducted by WebTechSurvey.
AngularJS is susceptible to CVE-2024-8373 vulnerability.
AngularJS versions before, and including, 1.8.3 are vulnerable to CVE-2024-8373.