Security Advisory

CVE-2023-39319

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-08 16:13:28

Last updated 2025-02-13 17:02:47

Assigner Go

State PUBLISHED

Description

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.

← Browse all CVEs View on cve.org ↗