VDB

RHSA-2023%3A7216

RHSA-2023%3A7216 PUBLISHED CVSS 6.099999904632568 MEDIUM

A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Red Hatopenshift-service-mesh/istio-must-gather-rhel8@sha256:02b8b400f37a262e4ee0f90285ebf4a105ef3687844a682b96b856ddbc55fd98_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-must-gather-rhel8@sha256:02b8b400f37a262e4ee0f90285ebf4a105ef3687844a682b96b856ddbc55fd98_ppc64le
Red Hatopenshift-service-mesh/grafana-rhel8@sha256:644878a22cf239131f9e668f9af86151431bb7ad92d5a8b3518e33381ced4018_s390x as a component of RHOSSM 2.4 for RHEL 8*, openshift-service-mesh/grafana-rhel8@sha256:644878a22cf239131f9e668f9af86151431bb7ad92d5a8b3518e33381ced4018_s390x
Red Hatopenshift-service-mesh/istio-cni-rhel8@sha256:49b535ec71aef9df915dacae723ce856444476027408e00100e54fa91c20af51_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-cni-rhel8@sha256:49b535ec71aef9df915dacae723ce856444476027408e00100e54fa91c20af51_ppc64le, openshift-service-mesh/istio-cni-rhel8@sha256:49b535ec71aef9df915dacae723ce856444476027408e00100e54fa91c20af51_ppc64le
Red Hatopenshift-service-mesh/prometheus-rhel8@sha256:fd5dc2c7afa364c42fd5b8491906ce63b3b6f890a823657b0de4d70e91b036b0_arm64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/prometheus-rhel8@sha256:fd5dc2c7afa364c42fd5b8491906ce63b3b6f890a823657b0de4d70e91b036b0_arm64, openshift-service-mesh/prometheus-rhel8@sha256:fd5dc2c7afa364c42fd5b8491906ce63b3b6f890a823657b0de4d70e91b036b0_arm64
Red Hatopenshift-service-mesh/istio-cni-rhel8@sha256:ed9b8e150e430763f16c88392a8bd23096cd50b7b8b93ce42ab818dee3a30da4_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-cni-rhel8@sha256:ed9b8e150e430763f16c88392a8bd23096cd50b7b8b93ce42ab818dee3a30da4_amd64, openshift-service-mesh/istio-cni-rhel8@sha256:ed9b8e150e430763f16c88392a8bd23096cd50b7b8b93ce42ab818dee3a30da4_amd64
Red Hatopenshift-service-mesh/istio-rhel8-operator@sha256:d35850c8b597f1b20f813cb48c35b7ad7de4f1df143d95d1f507fbc59514e4ed_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-rhel8-operator@sha256:d35850c8b597f1b20f813cb48c35b7ad7de4f1df143d95d1f507fbc59514e4ed_ppc64le
Red Hatopenshift-service-mesh/ratelimit-rhel8@sha256:45ad9e7feef9dc90526874512268a3f9f651eed09375bb30d683f6d1ae4b9620_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/ratelimit-rhel8@sha256:45ad9e7feef9dc90526874512268a3f9f651eed09375bb30d683f6d1ae4b9620_amd64, openshift-service-mesh/ratelimit-rhel8@sha256:45ad9e7feef9dc90526874512268a3f9f651eed09375bb30d683f6d1ae4b9620_amd64
Red Hatopenshift-service-mesh/prometheus-rhel8@sha256:fd5dc2c7afa364c42fd5b8491906ce63b3b6f890a823657b0de4d70e91b036b0_arm64 as a component of RHOSSM 2.4 for RHEL 8*
Red Hatopenshift-service-mesh/istio-rhel8-operator@sha256:c20a411840c14baa5be2154e0d094b2cccc484826c03d1c60f21b3081262efed_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-rhel8-operator@sha256:c20a411840c14baa5be2154e0d094b2cccc484826c03d1c60f21b3081262efed_amd64
Red Hatopenshift-service-mesh/proxyv2-rhel8@sha256:3f527790de59de6b9fe54ef0eb98488d6d04ff9786b63c55b6f4ba86e3e1bbcf_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/proxyv2-rhel8@sha256:3f527790de59de6b9fe54ef0eb98488d6d04ff9786b63c55b6f4ba86e3e1bbcf_ppc64le, openshift-service-mesh/proxyv2-rhel8@sha256:3f527790de59de6b9fe54ef0eb98488d6d04ff9786b63c55b6f4ba86e3e1bbcf_ppc64le
Red Hatopenshift-service-mesh/istio-rhel8-operator@sha256:d35850c8b597f1b20f813cb48c35b7ad7de4f1df143d95d1f507fbc59514e4ed_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-rhel8-operator@sha256:d35850c8b597f1b20f813cb48c35b7ad7de4f1df143d95d1f507fbc59514e4ed_ppc64le, openshift-service-mesh/istio-rhel8-operator@sha256:d35850c8b597f1b20f813cb48c35b7ad7de4f1df143d95d1f507fbc59514e4ed_ppc64le
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:10d7c96cf9bd4a3b148bcb6c8d4551358763d33bd6ed916a330ca74701ce863b_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8-operator@sha256:10d7c96cf9bd4a3b148bcb6c8d4551358763d33bd6ed916a330ca74701ce863b_ppc64le, openshift-service-mesh/kiali-rhel8-operator@sha256:10d7c96cf9bd4a3b148bcb6c8d4551358763d33bd6ed916a330ca74701ce863b_ppc64le
Red Hatopenshift-service-mesh/istio-cni-rhel8@sha256:02bc221662a1027a4dedc730ee404ef4cb020326acb7138bc30cc76cdcb1773d_s390x as a component of RHOSSM 2.4 for RHEL 8*
Red Hatopenshift-service-mesh/grafana-rhel8@sha256:f81cd557534e85f4a61b83c9e7623de5c197477d17b5fe701ae4f57b6ea38c3b_amd64 as a component of RHOSSM 2.4 for RHEL 8*, openshift-service-mesh/grafana-rhel8@sha256:f81cd557534e85f4a61b83c9e7623de5c197477d17b5fe701ae4f57b6ea38c3b_amd64
Red Hatopenshift-service-mesh/istio-must-gather-rhel8@sha256:70fbb8577a31c612aa40c5a83ea8655cb713b4abff64b10d4e44cd1cbf83c899_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-must-gather-rhel8@sha256:70fbb8577a31c612aa40c5a83ea8655cb713b4abff64b10d4e44cd1cbf83c899_amd64
Red Hatopenshift-service-mesh/istio-cni-rhel8@sha256:49b535ec71aef9df915dacae723ce856444476027408e00100e54fa91c20af51_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/istio-cni-rhel8@sha256:49b535ec71aef9df915dacae723ce856444476027408e00100e54fa91c20af51_ppc64le
Red Hatopenshift-service-mesh/ratelimit-rhel8@sha256:45ad9e7feef9dc90526874512268a3f9f651eed09375bb30d683f6d1ae4b9620_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/ratelimit-rhel8@sha256:45ad9e7feef9dc90526874512268a3f9f651eed09375bb30d683f6d1ae4b9620_amd64
Red Hatopenshift-service-mesh/proxyv2-rhel8@sha256:380547be6794ee05f864be58e713507aae44dea8b1e3bf6ca06f5119d301449e_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/proxyv2-rhel8@sha256:380547be6794ee05f864be58e713507aae44dea8b1e3bf6ca06f5119d301449e_amd64, openshift-service-mesh/proxyv2-rhel8@sha256:380547be6794ee05f864be58e713507aae44dea8b1e3bf6ca06f5119d301449e_amd64
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:7390095944521e2289f9ba93bea591d049c381d962fe79ff508eed1a745a581a_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8@sha256:7390095944521e2289f9ba93bea591d049c381d962fe79ff508eed1a745a581a_ppc64le
Red Hatopenshift-service-mesh/pilot-rhel8@sha256:f71a9ce1d58551643217400a76280600c77c49d7777faebdb4b38892bb832757_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/pilot-rhel8@sha256:f71a9ce1d58551643217400a76280600c77c49d7777faebdb4b38892bb832757_amd64

…and 60 more

Timeline

  • Nov 15, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›