Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 6:26 p.m.3 views

html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals

A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...

6.1CVSS6.7AI score0.0029EPSS
Exploits0References8
OSV
OSV
added 2026/04/13 5:43 a.m.4 views

BIT-GOLANG-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

6.1CVSS5.7AI score0.0029EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/08 1:6 a.m.5 views

EUVD-2026-20018

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

5.9AI score0.0029EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/07 10:53 p.m.5 views

Cross-site Scripting (XSS)

Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report: Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect...

6.1CVSS5.5AI score0.0029EPSS
Exploits0References3
Rows per page
Query Builder