AngularJS improperly sanitizes SVG elements

Severity:: Low

Description

Improper sanitization of the value of the ‘href’ and ‘xlink:href’ attributes in ‘' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.8.3

References

GHSA-j58c-ww9w-pwp5
codepen.io
www.herodevs.com
lists.debian.org
CVE-2025-0716
CWE-791
CAPEC-310
OWASP 2021-A6

Related Issues

parse is vulnerable to prototype pollution - CVE-2025-57324
angular Prototype Pollution vulnerability - CVE-2019-10768
AngularJS allows attackers to bypass common image source restrictions (GHSA-mqm9-c95h-x2p6) - CVE-2024-8373
AngularJS allows attackers to bypass common image source restrictions - CVE-2024-8372

Tags:: npm; angular

Anything's wrong? Let us know Last updated on November 03, 2025