Lucene search
K

377 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in babel-plugin-transform-html-template (npm)

The package babel-plugin-transform-html-template was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-15296 Malicious code in babel-plugin-transform-html-template (npm)

The package babel-plugin-transform-html-template was found to contain malicious code...

7.2AI score
Exploits0
F5 Networks
F5 Networks
added 2025/07/22 4:18 p.m.8 views

K000152671: Golang html/template vulnerabilities CVE-2023-39318,CVE-2023-39319, and CVE-2024-24785

Security Advisory Description CVE-2023-39318 The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...

6.1CVSS6.6AI score0.00815EPSS
Exploits0
OSV
OSV
added 2025/06/27 1:16 p.m.3 views

OESA-2025-1683 etcd security update

%expand: Security Fixes: When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single for...

6.5CVSS6.9AI score0.01165EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.22 views

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe . Use of the "safe" ta...

6.5CVSS6.9AI score0.00409EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2023-39319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The html/template package does not apply the proper rules for handling occurrences of contexts. This may cause the template parser to improperly consider script...

6.1CVSS6.8AI score0.00798EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/02/20 10:18 p.m.13 views

S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation

Summary A Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a high risk to all users. Details Give all details ...

8.4CVSS5.7AI score0.00459EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/01/24 1:37 p.m.3 views

OESA-2025-1076 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavio...

5.9CVSS6.8AI score0.02085EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/11/12 9:5 a.m.5 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/11/12 9:5 a.m.25 views

Moderate: Red Hat Security Advisory: toolbox security update

An update for toolbox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.8AI score0.01414EPSS
Exploits0References6
OSV
OSV
added 2024/10/10 12:55 p.m.9 views

USN-7061-1 golang-1.17 vulnerabilities

Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. CVE-2023-24531 Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not...

9.8CVSS7.1AI score0.03796EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.7 views

The vulnerability in the Go programming language’s html/template package allows attackers to execute XSS attacks.

The vulnerability of the Go programming language’s html/template package is related to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows an attacker to perform XSS attacks remotely...

6.4CVSS6.5AI score0.00798EPSS
Exploits0References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/10/04 12:0 a.m.6 views

The vulnerability in the Go programming language’s html/template package allows attackers to execute XSS attacks.

The vulnerability of the Go programming language’s html/template package is related to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows an attacker to perform XSS attacks remotely...

6.4CVSS6.5AI score0.00815EPSS
Exploits0References7Affected Software4
Redos
Redos
added 2024/10/01 12:0 a.m.23 views

ROS-20241001-02

Vulnerability of html/template package of Golang programming language is related to incorrect handling of &ltscript&gt occurrences of &ltscript&gt, &lt!--&gt and &lt/script&gt in JS literals in &ltscript&gt contexts. Exploitation vulnerability could allow an attacker acting remotely to perform an...

7.5CVSS6.6AI score0.01146EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2024/09/12 3:48 p.m.11 views

Scammers advertise fake AppleCare+ service via GitHub repos

Weve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/03 11:45 a.m.6 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.186 views

Accellion FTA Statecode Cookie Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Accellion FTA 'statecode' Cookie Arbitrary File Read", 'Description' = %q This module exploits a file disclosure vulnerability in the Accellion...

9.8CVSS7AI score0.84178EPSS
Exploits12
Redos
Redos
added 2024/08/05 12:0 a.m.23 views

ROS-20240805-08

A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A vulnerability in the golang package of the...

7.5CVSS7.9AI score0.01815EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 6:47 p.m.46 views

Security Bulletin: Vulnerabilities in Golang Go affect Cloud pak System [CVE-2023-39319, CVE-2023-39318]

Summary Vulnerabilities in Golang Go affect Cloud Pak System Software. Vulnerability Details CVEID:CVE-2023-39319 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this...

6.1CVSS7AI score0.00815EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/07/29 12:19 a.m.5 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

5.4CVSS7.2AI score0.00795EPSS
Exploits0References8
Rows per page
Query Builder