Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43480
HistoryOct 02, 2023 - 8:15 p.m.

Cross-Site Scripting (XSS)

2023-10-0220:15:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
23
cross-site scripting
html-like comment
hashbang tokens
software security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.1%

html/template is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability exists because the package does not properly handle HTML-like โ€œโ€ comment tokens, nor hashbang โ€œ#!โ€ comment tokens, in

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.1%