Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43519
HistoryOct 03, 2023 - 7:53 a.m.

Cross Site Scripting (XSS)

2023-10-0307:53:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
xss
vulnerability
improper handling
template parser
script context

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.4%

github.com/golang/go is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by a lack of proper handling of occurrences of `` context. This will make the template parser incorrectly conclude the script context resulting in XSS.

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.4%