Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00065}

epss

{'score': 0.00067}


Fri, 24 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Nov 2024 12:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published:

Updated: 2025-01-24T16:41:28.222Z

Reserved: 2023-01-25T21:19:20.642Z

Link: CVE-2023-24539

cve-icon Vulnrichment

Updated: 2024-11-29T12:04:36.503Z

cve-icon NVD

Status : Modified

Published: 2023-05-11T16:15:09.600

Modified: 2025-01-24T17:15:10.670

Link: CVE-2023-24539

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-04-20T00:00:00Z

Links: CVE-2023-24539 - Bugzilla

cve-icon OpenCVE Enrichment

No data.