CVE-2025-0716

MEDIUM Year: 2025
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-791
View all →

Vulnerability Description

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Related Vulnerabilities

CVE-2024-8373

MEDIUM
CVSS:4.3(Medium)

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Conten...

CWE-7912024

CVE-2020-36827

MEDIUM
CVSS:5.4(Medium)

The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.

CWE-7912020

CVE-2023-1076

MEDIUM
CVSS:5.5(Medium)

A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devic...

CWE-7912023

CVE-2025-2040

MEDIUM
CVSS:6.3(Medium)

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulat...

CWE-7912025

CVE-2025-3841

MEDIUM
CVSS:3.3(Low)

A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Ji...

CWE-7912025