Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2023-39319
HistorySep 08, 2023 - 5:15 p.m.

CVE-2023-39319

2023-09-0817:15:27
Debian Security Bug Tracker
security-tracker.debian.org
8
html template package
script contexts
xss attack
cve-2023-39319
handling rules
js literals
template parser
improper escaping
security vulnerability
unix

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%

The html/template package does not apply the proper rules for handling occurrences of โ€œ<scriptโ€, "

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.3%