The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
History

Thu, 26 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 08 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
cpe:/a:redhat:openshift_distributed_tracing:2.9::el8
Vendors & Products Redhat openshift Distributed Tracing

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2023-09-08T16:13:28.663Z

Updated: 2024-09-26T16:04:58.123Z

Reserved: 2023-07-27T17:05:55.186Z

Link: CVE-2023-39319

cve-icon Vulnrichment

Updated: 2024-08-02T18:02:06.746Z

cve-icon NVD

Status : Modified

Published: 2023-09-08T17:15:27.910

Modified: 2024-11-21T08:15:08.890

Link: CVE-2023-39319

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-09-06T00:00:00Z

Links: CVE-2023-39319 - Bugzilla