2 matches found
Incomplete Filtering of Special Elements
Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements. The srcset attribute in an HTML element can be a vector for content spoofing. An attacker can manipulate the content presented to other users by interpolating a srcset value directly that doesn'...
CVE-2024-8373
Improper sanitization of the value of the srcset attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects all versions of...