Lucene search

K
cvelistGoCVELIST:CVE-2023-3978
HistoryAug 02, 2023 - 7:48 p.m.

CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html

2023-08-0219:48:56
Go
www.cve.org
6
cve-2023-3978
golang.org
html namespace
xss attack

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

34.9%

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CNA Affected

[
  {
    "vendor": "golang.org/x/net",
    "product": "golang.org/x/net/html",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "golang.org/x/net/html",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.13.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "render1"
      },
      {
        "name": "Render"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

34.9%