Lucene search
+L

280 matches found

RedHat Linux
RedHat Linux
added 2023/10/03 6:49 p.m.53 views

Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.2 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.6AI score0.02542EPSS
Exploits3References33
RedHat Linux
RedHat Linux
added 2023/08/03 2:15 p.m.4 views

golang: html/template: improper handling of empty HTML attributes

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...

7.3CVSS6.7AI score0.01037EPSS
Exploits0References6
Amazon
Amazon
added 2023/07/25 12:0 a.m.48 views

Important: golang

Issue Overview: RESERVED NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41724 Golang: net/http, mime/multipart: denial of service from excessive resource consumption https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41725 The ScalarMult and ScalarBaseMult...

9.8CVSS8AI score0.02281EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/07/20 5:32 p.m.6 views

golang: html/template: improper handling of empty HTML attributes

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...

7.3CVSS6.7AI score0.01037EPSS
Exploits0References6
Amazon
Amazon
added 2023/06/12 12:0 a.m.8 views

Important: golang

Issue Overview: html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for...

9.8CVSS7.3AI score0.01548EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.36 views

Amazon Linux AMI : golang (ALAS-2023-1760)

The version of golang installed on the remote host is prior to 1.18.6-1.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1760 advisory. html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted...

9.8CVSS7.4AI score0.01548EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/06/06 12:45 a.m.23 views

JStachio XSS vulnerability: Unescaped single quotes

Impact Description: JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code: html Set the value variable to ' onblur='alert1. java public class Escaping public static void mainString args Model model = ne...

6.1CVSS7.3AI score0.00579EPSS
Exploits1References7Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/25 8:10 a.m.4 views

golang: html/template: improper handling of empty HTML attributes

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr=." executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...

7.3CVSS6.7AI score0.01037EPSS
Exploits0References6
OSV
OSV
added 2023/05/16 7:17 p.m.6 views

MGASA-2023-0169 Updated golang packages fix security vulnerability

Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HMTL, if executed with untrusted input...

9.8CVSS8.7AI score0.01548EPSS
Exploits0References4
Veracode
Veracode
added 2023/05/14 12:8 p.m.44 views

Command Injection

go is vulnerable to Command Injection. The vulnerability allows templates containing actions in unquoted HTML attributes to be executed with empty inputs resulting in unexpected results when parsed potentially leading to allowing injection or arbitrary attributes into tags...

7.3CVSS7.3AI score0.01037EPSS
Exploits0References8Affected Software15
NVD
NVD
added 2023/05/11 4:15 p.m.29 views

CVE-2023-29400

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.3CVSS8.7AI score0.01037EPSS
Exploits0References5
OSV
OSV
added 2023/05/11 4:15 p.m.7 views

AZL-79022 CVE-2023-29400 affecting package golang 1.25.7-1

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.3CVSS6.8AI score0.01037EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/05/11 4:15 p.m.57 views

CVE-2023-29400

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.3CVSS6.8AI score0.01037EPSS
Exploits0References6
OSV
OSV
added 2023/05/11 3:29 p.m.30 views

CVE-2023-29400 Improper handling of empty HTML attributes in html/template

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.3CVSS6.8AI score0.01037EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/05/11 3:29 p.m.11 views

CVE-2023-29400 Improper handling of empty HTML attributes in html/template

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.4AI score0.01037EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/05/11 3:29 p.m.29 views

CVE-2023-29400

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.3CVSS6.7AI score0.01037EPSS
Exploits0
OSV
OSV
added 2023/05/08 2:31 p.m.10 views

SUSE-SU-2023:2127-1 Security update for go1.19

This update for go1.19 fixes the following issues: Update to 1.19.9 bnc1200441: - CVE-2023-24539: fixed an improper sanitization of CSS values bnc1211029. - CVE-2023-24540: fixed an improper handling of JavaScript whitespace bnc1211030. - CVE-2023-29400: fixed an improper handling of empty HTML...

9.8CVSS8.5AI score0.02281EPSS
Exploits0References19
OSV
OSV
added 2023/05/05 9:10 p.m.37 views

GO-2023-1753 Improper handling of empty HTML attributes in html/template

Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...

7.3CVSS8.7AI score0.01037EPSS
Exploits0References3
OSV
OSV
added 2023/05/05 6:34 a.m.14 views

SUSE-SU-2023:2105-1 Security update for go1.20

This update for go1.20 fixes the following issues: Update to 1.20.4 bnc1206346: - CVE-2023-24539: Fixed an improper sanitization of CSS values boo1211029. - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace boo1211030. - CVE-2023-29400: Fixed an improper handling of empty HTML...

9.8CVSS8.7AI score0.02281EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2023/04/25 6:22 p.m.11 views

CVE-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...

8.5CVSS5.2AI score0.01037EPSS
Exploits2References3
Rows per page
Query Builder