Security Advisory

CVE-2023-29400

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-11 15:29:24

Last updated 2025-01-24 16:47:46

Assigner Go

State PUBLISHED

Description

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

← Browse all CVEs View on cve.org ↗