The vulnerability of the Go programming language’s net/html library allows attackers to perform cross-site scripting attacks.

🗓️ 31 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

The Go net/html vulnerability enables remote XSS by not protecting web page structure.

Reporter	Title	Published	Views	Family All 423
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities	17 Mar 202510:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable due to github.com/golang/net ( CVE-2023-3978, CVE-2023-45288 )	3 Feb 202522:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	25 Jun 202410:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from shadow-utils, procps-ng, containerd, urllib3, nghttp2 and Golang	15 Dec 202307:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion is affected by exposure of information through cross-site scripting or data queries (CVE-2023-45288, CVE-2023-3978)	25 Jun 202516:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Concert Software is vulnerable to multiple issues	15 Apr 202503:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities	5 Feb 202501:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components	22 Feb 202418:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 (CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325).	6 Dec 202309:40	–	ibm
Tenable Nessus	Amazon Linux 2023 : nerdctl (ALAS2023-2023-366)	3 Oct 202300:00	–	nessus

Vulners

Node

red_hat openshift_service_meshMatch2

OR

red_hat red_hat_openshift_dataMatch4

OR

red_hat red_hat_advanced_cluster_management_for_kubernetesMatch2

OR

red_hat red_hat_openshift_container_platformMatch4

OR

red_hat red_hat_openshift_virtualizationMatch4

OR

red_hat red_hat_ansible_automation_platformMatch2

OR

red_hat red_hat_migration_toolkit_for_containersMatch1.7

OR

red_hat cryostatMatch2

OR

red_hat red_hat_advanced_cluster_securityMatch4

OR

go goRange<1.21.3

OR

go networkingRange<0.13.0

OR

red_hat red_hat_enterprise_linuxMatch8

OR

red_hat red_hat_enterprise_linuxMatch9

Source	Link
go	www.go.dev/cl/514896
go	www.go.dev/issue/61615
pkg	www.pkg.go.dev/vuln/GO-2023-1988
vuldb	www.vuldb.com/
github	www.github.com/golang/net/commit/8ffa475fbdb33da97e8bf79cc5791ee8751fca5e
access	www.access.redhat.com/security/cve/cve-2023-3978
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
web	www.web.nvd.nist.gov/view/vuln/detail

15 Jul 2025 00:00Current

6Medium risk

Vulners AI Score6

CVSS 36.1

CVSS 26.4

EPSS0.00843

Go language net html library remote scripting web page structure cross site scripting