5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.3%
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
go.dev/cl/514896
go.dev/issue/61615
nvd.nist.gov/vuln/detail/CVE-2023-3978
pkg.go.dev/vuln/GO-2023-1988