VDB

RHSA-2023%3A7197

RHSA-2023%3A7197 PUBLISHED CVSS 6.099999904632568 MEDIUM

A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-egress-dns-proxy@sha256:c1443c33368799e9e807463df771054220df237edcef9415250198c52171e2b0_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-egress-dns-proxy@sha256:c1443c33368799e9e807463df771054220df237edcef9415250198c52171e2b0_s390x, *, openshift4/ose-egress-dns-proxy@sha256:c1443c33368799e9e807463df771054220df237edcef9415250198c52171e2b0_s390x
Red Hatopenshift4/ose-local-storage-rhel9-operator@sha256:eb11e3d79f9cffe8560026bcbdebb3d31828dac23712ae7f1e10e7e1df21e81a_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/ose-local-storage-rhel9-operator@sha256:eb11e3d79f9cffe8560026bcbdebb3d31828dac23712ae7f1e10e7e1df21e81a_arm64, openshift4/ose-local-storage-rhel9-operator@sha256:eb11e3d79f9cffe8560026bcbdebb3d31828dac23712ae7f1e10e7e1df21e81a_arm64
Red Hatopenshift4/ose-ptp-rhel9@sha256:776228a1c516825a69b929d14957ca70d691036c549e5f831f99e1f42520b253_arm64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-ptp-rhel9@sha256:776228a1c516825a69b929d14957ca70d691036c549e5f831f99e1f42520b253_arm64, *
Red Hatopenshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x, openshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x, openshift4/ose-clusterresourceoverride-rhel9@sha256:09c5c795f2ffe5621167a53f4de96eeedd8796d877a144f1fdd83487a8c7d526_s390x
Red Hatopenshift4/ingress-node-firewall-rhel9@sha256:ff9dc2a7897fc0cb8802ebb7f7ce8cecdc6f6f948b507cdb1f6fd9f91cba4976_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/ingress-node-firewall-rhel9@sha256:ff9dc2a7897fc0cb8802ebb7f7ce8cecdc6f6f948b507cdb1f6fd9f91cba4976_s390x, *
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel9@sha256:acb393393b7f2075833280eed683ff581312da3baf1406113cfcff12184fc5aa_ppc64le as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:acb393393b7f2075833280eed683ff581312da3baf1406113cfcff12184fc5aa_ppc64le, openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:acb393393b7f2075833280eed683ff581312da3baf1406113cfcff12184fc5aa_ppc64le
Red Hatopenshift4/ptp-must-gather-rhel8@sha256:8fc64a381a4f80cf2233a07f071797d6e9fe8d1c82d072fd0330c0b20c296efa_amd64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatopenshift4/ose-clusterresourceoverride-rhel9-operator@sha256:7f6c0e4443099e523a1a75cd88ca2fd1de22ef7d21ad26ad6108ecfb0602d44a_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/ose-clusterresourceoverride-rhel9-operator@sha256:7f6c0e4443099e523a1a75cd88ca2fd1de22ef7d21ad26ad6108ecfb0602d44a_ppc64le, openshift4/ose-clusterresourceoverride-rhel9-operator@sha256:7f6c0e4443099e523a1a75cd88ca2fd1de22ef7d21ad26ad6108ecfb0602d44a_ppc64le
Red Hatopenshift4/metallb-rhel9-operator@sha256:1303e54eaaa3503bd4482c47f725ab43da0a5f3ea4fdcf485531a366f8624df6_ppc64le as a component of Red Hat OpenShift Container Platform 4.15openshift4/metallb-rhel9-operator@sha256:1303e54eaaa3503bd4482c47f725ab43da0a5f3ea4fdcf485531a366f8624df6_ppc64le, *
Red Hatopenshift4/ose-clusterresourceoverride-rhel9@sha256:49dc372a9e08331aa4aaba83309e4e5e67ba93f09ea13fa6f1d78f0613d15614_amd64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-clusterresourceoverride-rhel9@sha256:49dc372a9e08331aa4aaba83309e4e5e67ba93f09ea13fa6f1d78f0613d15614_amd64, openshift4/ose-clusterresourceoverride-rhel9@sha256:49dc372a9e08331aa4aaba83309e4e5e67ba93f09ea13fa6f1d78f0613d15614_amd64, *
Red Hatopenshift4/ose-egress-router@sha256:4c38503c5bad2c25a1984d457b42be96a636f85202b7c00d6b46ffbcfb69d6c7_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-egress-router@sha256:4c38503c5bad2c25a1984d457b42be96a636f85202b7c00d6b46ffbcfb69d6c7_s390x, *, openshift4/ose-egress-router@sha256:4c38503c5bad2c25a1984d457b42be96a636f85202b7c00d6b46ffbcfb69d6c7_s390x
Red Hatopenshift4/ose-egress-dns-proxy@sha256:c05567cc4bc6881034769e830a6d37f84c2e260d5ea73c9a0c447ffed363c5e7_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, *, *
Red Hatopenshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:c5974de46544139676e2951a17947410d67e401890ccd7b93625c583f6367166_arm64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:c5974de46544139676e2951a17947410d67e401890ccd7b93625c583f6367166_arm64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:c5974de46544139676e2951a17947410d67e401890ccd7b93625c583f6367166_arm64, *
Red Hatopenshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:0a73f7dc663a392152238f937bd93bbc0857406385a4fe83678f72c2e720dbd5_arm64 as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:0a73f7dc663a392152238f937bd93bbc0857406385a4fe83678f72c2e720dbd5_arm64
Red Hatopenshift4/sriov-cni-rhel9@sha256:b14c29f49c6c33b106ff831839672a87ced3f26dc63fb51ee78332eba5753081_ppc64le as a component of Red Hat OpenShift Container Platform 4.15*, openshift4/sriov-cni-rhel9@sha256:b14c29f49c6c33b106ff831839672a87ced3f26dc63fb51ee78332eba5753081_ppc64le
Red Hatopenshift4/ose-local-storage-mustgather-rhel9@sha256:bbe0d3a3c05760d419fc2acbe11bcc310c7f15b83202d136b0eddc4b5ec7fcb1_amd64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-local-storage-mustgather-rhel9@sha256:bbe0d3a3c05760d419fc2acbe11bcc310c7f15b83202d136b0eddc4b5ec7fcb1_amd64, openshift4/ose-local-storage-mustgather-rhel9@sha256:bbe0d3a3c05760d419fc2acbe11bcc310c7f15b83202d136b0eddc4b5ec7fcb1_amd64
Red Hatopenshift4/metallb-rhel9@sha256:6e3ef6523c134878f76bab0abc48c72c97e9f7f91ec95b39f93c1bc139e8c9c7_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/metallb-rhel9@sha256:6e3ef6523c134878f76bab0abc48c72c97e9f7f91ec95b39f93c1bc139e8c9c7_s390x, openshift4/metallb-rhel9@sha256:6e3ef6523c134878f76bab0abc48c72c97e9f7f91ec95b39f93c1bc139e8c9c7_s390x
Red Hatopenshift4/ose-local-storage-rhel9-operator@sha256:2a2d2c94a80ade385f74774deedf404660f3e675c94fd56aa59eabfecc8542aa_s390x as a component of Red Hat OpenShift Container Platform 4.15*, *
Red Hatopenshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f61bea68b4e354e2d25daf162b1c8adeebcd8c413f21b2dd6ca943bb2d9cfa2b_s390x as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f61bea68b4e354e2d25daf162b1c8adeebcd8c413f21b2dd6ca943bb2d9cfa2b_s390x, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f61bea68b4e354e2d25daf162b1c8adeebcd8c413f21b2dd6ca943bb2d9cfa2b_s390x
Red Hatopenshift4/ose-egress-http-proxy@sha256:b0e8398b265fe4312f07537a775b1cbf84b610e761417547f8a643d4fc604a83_arm64 as a component of Red Hat OpenShift Container Platform 4.15openshift4/ose-egress-http-proxy@sha256:b0e8398b265fe4312f07537a775b1cbf84b610e761417547f8a643d4fc604a83_arm64, openshift4/ose-egress-http-proxy@sha256:b0e8398b265fe4312f07537a775b1cbf84b610e761417547f8a643d4fc604a83_arm64

…and 292 more

Timeline

  • Feb 27, 2024 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›