21 matches found
Medium: ecs-init
Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to...
Cross-Site Scripting (XSS)
github.com/golang/net is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape user input in text nodes outside the HTML namespace, allowing an attacker to inject and execute malicious JavaScript on a victim's browser...
SUSE CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
Improper rendering of text nodes in golang.org/x/net/html
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
DEBIAN-CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-27831 CVE-2023-3978 affecting package telegraf for versions less than 1.27.4-1
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-42867 CVE-2023-3978 affecting package multus for versions less than 4.0.2-2
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-35299 CVE-2023-3978 affecting package telegraf for versions less than 1.29.4-1
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-34582 CVE-2023-3978 affecting package cert-manager for versions less than 1.12.12-1
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-34907 CVE-2023-3978 affecting package kubevirt for versions less than 1.2.0-1
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-34542 CVE-2023-3978 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-1
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-34624 CVE-2023-3978 affecting package containerized-data-importer for versions less than 1.57.0-12
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-27813 CVE-2023-3978 affecting package kubevirt for versions less than 0.59.0-24
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
AZL-44055 CVE-2023-3978 affecting package podman for versions less than 5.6.1-2
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
CVE-2023-3978
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
Design/Logic Flaw
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...