CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
42.4%
github.com/golang/go is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by a lack of proper handling of occurrences of `` context. This will make the template parser incorrectly conclude the script context resulting in XSS.
github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5
github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a
github.com/golang/go/issues/62197
github.com/golang/go/issues/62398
go.dev/cl/526157
go.dev/issue/62197
groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
pkg.go.dev/vuln/GO-2023-2043
security.gentoo.org/glsa/202311-09
security.netapp.com/advisory/ntap-20231020-0009/