contexts. This may cause the template parser to improperly interpret th…"/> contexts. This may cause the template parser to improperly interpret th…"/> contexts. This may cause the template parser to improperly interpret th…"/>
VDB

DEBIAN-CVE-2023-39318

DEBIAN-CVE-2023-39318 PUBLISHED CVSS 6.099999904632568 MEDIUM

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.

Risk Scores

CVSS v3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Debian:12golang-1.190, 1.19.10-1, 1.19.10-2
Debian:11golang-1.151.15.15-1, 1.15.15-1~deb11u1, 1.15.15-1~deb11u3

Timeline

  • Sep 8, 2023 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›