Headline
CVE-2023-3978: x/net/html: text nodes outside of the HTML namespace improperly rendered · Issue #61615 · golang/go
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Pick a username
Email Address
Password
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Related news
Red Hat Security Advisory 2024-1891-03 - Red Hat OpenShift Container Platform release 4.14.22 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include cross site scripting, denial of service, and traversal vulnerabilities.
Red Hat Security Advisory 2024-0944-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2024-0485-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2023-6837-01 - Red Hat OpenShift Container Platform release 4.14.2 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2023-7216-01 - Red Hat OpenShift Service Mesh 2.4.5 Containers. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2023-5888-01 - The Migration Toolkit for Containers 1.7.13 is now available. Issues addressed include a cross site scripting vulnerability.