272 matches found
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
MGASA-2023-0169 Updated golang packages fix security vulnerability
Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input...
Command Injection
go is vulnerable to Command Injection. The vulnerability allows templates containing actions in unquoted HTML attributes to be executed with empty inputs resulting in unexpected results when parsed potentially leading to allowing injection or arbitrary attributes into tags...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
AZL-79022 CVE-2023-29400 affecting package golang 1.25.7-1
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400 Improper handling of empty HTML attributes in html/template
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
SUSE-SU-2023:2127-1 Security update for go1.19
This update for go1.19 fixes the following issues: Update to 1.19.9 bnc1200441: - CVE-2023-24539: fixed an improper sanitization of CSS values bnc1211029. - CVE-2023-24540: fixed an improper handling of JavaScript whitespace bnc1211030. - CVE-2023-29400: fixed an improper handling of empty HTML...
GO-2023-1753 Improper handling of empty HTML attributes in html/template
Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
SUSE-SU-2023:2105-1 Security update for go1.20
This update for go1.20 fixes the following issues: Update to 1.20.4 bnc1206346: - CVE-2023-24539: Fixed an improper sanitization of CSS values boo1211029. - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace boo1211030. - CVE-2023-29400: Fixed an improper handling of empty HTML...
CVE-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...
CVE-2021-4195
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes. This issue affects Customer Relation Manager: before 2022.03.13...
CVE-2021-4195
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes.This issue affects Customer Relation Manager: before 2022.03.13...
CVE-2021-4195
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes. This issue affects Customer Relation Manager: before 2022.03.13...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes.This issue affects Customer Relation Manager: before 2022.03.13...
CVE-2021-4195 XSS in Firmanet Software and Technology Customer Relation Manager
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes. This issue affects Customer Relation Manager: before 2022.03.13...
CVE-2021-4195 XSS in Firmanet Software and Technology Customer Relation Manager
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes. This issue affects Customer Relation Manager: before 2022.03.13...
Firmanet Business Management System 跨站脚本漏洞
Firmanet Business Management System is a business management system from Firmanet Corporation. A security vulnerability exists in Firmanet Business Management System, which arises from improper neutralization of input during web page generation, allowing XSS Targeting of HTML attributes...