Lucene search
+L

41 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 6:26 p.m.4 views

html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...

6.1CVSS6.7AI score0.0029EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/10 2:24 p.m.4 views

html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...

6.1CVSS6AI score0.0029EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/09 11:0 a.m.3 views

html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...

6.1CVSS6AI score0.0029EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.4 views

SUSE CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

5.4CVSS5.8AI score0.0029EPSS
Exploits0References10
OSV
OSV
added 2026/04/08 2:16 a.m.1 views

DEBIAN-CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.2AI score0.0029EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/08 2:16 a.m.8 views

CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.9AI score0.0029EPSS
Exploits0References5
OSV
OSV
added 2026/04/08 2:16 a.m.6 views

UBUNTU-CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.8AI score0.0029EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/04/08 1:6 a.m.4 views

CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.7AI score0.0029EPSS
Exploits0
EUVD
EUVD
added 2026/04/08 1:6 a.m.5 views

EUVD-2026-20018

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

5.9AI score0.0029EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/08 1:6 a.m.6 views

CVE-2026-32289

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.2AI score0.0029EPSS
Exploits0
OSV
OSV
added 2026/04/08 1:6 a.m.3 views

CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS6.7AI score0.0029EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from improper context tracking in JavaScript template literals. This can lead to content...

6.1CVSS7.1AI score0.0029EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.9 views

CVE-2025-23026

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS6.6AI score0.0029EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/12/09 12:10 a.m.152 views

Exploit for Cross-site Scripting in Misp

MISP 2.5.27 Stored XSS Exploitation Vulnerability Identifie...

9CVSS5.3AI score0.00278EPSS
Exploits1
OSV
OSV
added 2025/11/25 6:12 p.m.4 views

GO-2025-4139 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh...

9.6CVSS7.2AI score0.00448EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1137

Malware in sbrugna...

7.7CVSS6.3AI score0.007EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-31778

Malicious code in bioql PyPI...

5.3CVSS8.9AI score0.00435EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-24540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set...

9.8CVSS6.7AI score0.01548EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/13 7:36 p.m.22 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS0.0029EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/13 7:36 p.m.13 views

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

6.1CVSS6.7AI score0.0029EPSS
Exploits0References3
Rows per page
Query Builder