Executive Summary

Informations
Name CVE-2025-2336 First vendor Publication 2025-06-04
Vendor Cve Last vendor Modification 2025-06-04

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects AngularJS versions greater than or equal to 1.3.1.

Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336

Sources (Detail)

https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c
https://www.herodevs.com/vulnerability-directory/cve-2025-2336
https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2025-06-05 00:20:37
  • Multiple Updates
2025-06-04 21:20:41
  • First insertion