CWE-82 7 個 CVE MITRE 定義 ↗

CWE-82:Improper Neutralization of Script in Attributes of IMG Tags in a Web Page

概覽

CWE-82(Improper Neutralization of Script in Attributes of IMG Tags in a Web Page)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Based Often
technology Web Server Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2025-53194 2025-08-20 Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Code Injection.This issue affects JetEngine: from n/a through <= 3.7.0.
CVE-2024-52434 2024-11-18 Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29.
CVE-2024-52427 2024-11-18 Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tic…
CVE-2024-52393 2024-11-14 Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.…
CVE-2024-49271 2024-10-16 Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This …
CVE-2024-48042 2024-10-16 Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through…
CVE-2023-30963 2023-07-10 A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Found…

曾用名

  • Script in IMG Tags (2008-04-11)
  • Failure to Sanitize Script in Attributes of IMG Tags in a Web Page (2009-05-27)
  • Improper Sanitization of Script in Attributes of IMG Tags in a Web Page (2010-06-21)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2008-10-14 CWE Content Team 1.0.1 updated Description
2009-05-27 CWE Content Team 1.4 updated Description, Name
2009-10-29 CWE Content Team 1.6 updated Relationships
2009-12-28 CWE Content Team 1.7 updated Observed_Examples
2010-06-21 CWE Content Team 1.9 updated Description, Name, Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Weakness_Ordinalities
cvelogic Threat Intelligence