The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 26 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 08 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published:

Updated: 2025-02-13T17:02:46.777Z

Reserved: 2023-07-27T17:05:55.186Z

Link: CVE-2023-39318

cve-icon Vulnrichment

Updated: 2024-08-02T18:02:06.918Z

cve-icon NVD

Status : Modified

Published: 2023-09-08T17:15:27.823

Modified: 2024-11-21T08:15:08.737

Link: CVE-2023-39318

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-09-06T00:00:00Z

Links: CVE-2023-39318 - Bugzilla

cve-icon OpenCVE Enrichment

No data.