VDB

CISA-2023-3978

CISA-2023-3978 PUBLISHED

Reported by Go · Published August 2, 2023

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Affected Products

VendorProductVersions
golang.org/x/netgolang.org/x/net/html0
golang.org/x/netgolang.org/x/net/html0, 0

Timeline

  • Aug 2, 2023 CVE Published
  • Sep 27, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›