CVE-2023-39318

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-39318

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39318.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-39318

Aliases

Downstream

BELL-CVE-2023-39318

DEBIAN-CVE-2023-39318

OESA-2023-1789

RHBA-2023:6364

RHBA-2023:6928

RHSA-2023:5008

RHSA-2023:5009

RHSA-2023:6840

RHSA-2023:7762

RHSA-2023:7764

RHSA-2023:7765

RHSA-2023:7766

RHSA-2024:0121

RHSA-2024:2160

RHSA-2024:2988

RHSA-2024:3352

RHSA-2024:3467

RLSA-2024:0121

RLSA-2024:2988

SUSE-SU-2023:3700-1

SUSE-SU-2023:3701-1

SUSE-SU-2023:3840-1

SUSE-SU-2023:4469-1

UBUNTU-CVE-2023-39318

USN-6574-1

USN-7061-1

USN-7109-1

openSUSE-SU-2023:0360-1

openSUSE-SU-2024:13216-1

openSUSE-SU-2024:13217-1

Related

Published

2023-09-08T17:15:27.823Z

Modified

2026-02-04T21:35:24.782074Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Introduced

c19c4c566c63818dfd059b352e52c4710eecf14d

Fixed

2c1e5b05fe39fc5e6c730dd60e82946b8e67c6ba

Fixed

d5b851804329aa547dafa278a0c35dd62298d651

Affected versions

go1.*

go1.21.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39318.json"