5 matches found
The vulnerability of the Go programming language, related to errors in processing special symbols "<>" in CSS contexts, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to errors in processing special symbols "<>" within CSS contexts. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Amazon Linux AMI : golang (ALAS-2023-1760)
The version of golang installed on the remote host is prior to 1.18.6-1.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1760 advisory. html/template: improper sanitization of CSS values. Angle brackets were not considered dangerous characters when inserted...
OESA-2023-1294 golang security update
The Go Programming Language. Security Fixes: Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into...
Cross-site Scripting (XSS)
Overview: std/html/template is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple...
SUSE CVE-2023-24539
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...