Description
The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.
Extended Description
Attackers can embed XSS exploits into the values for IMG attributes (e.g. SRC) that is streamed and then executed in a victim's browser. Note that when the page is loaded into a user's browsers, the exploit will automatically execute.
CVE vulnerabilities with CWE-82 (7)
9.9
CVSS
CRITICAL
CVE-2024-52427
pub. 2024-11-18
9.1
CVSS
CRITICAL
CVE-2024-52434
pub. 2024-11-18
9.1
CVSS
CRITICAL
CVE-2024-52393
pub. 2024-11-14
9.1
CVSS
CRITICAL
CVE-2024-48042
pub. 2024-10-16
9.1
CVSS
CRITICAL
CVE-2024-49271
pub. 2024-10-16
8.5
CVSS
HIGH
CVE-2025-53194
pub. 2025-08-20
5.4
CVSS
MEDIUM
CVE-2023-30963
pub. 2023-07-10