Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Changed
Confidentiality Impact Low
Integrity Impact Low
Availability Impact None
User Interaction Required
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Golang |
|
Redhat |
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Cryostat 2 on RHEL 8 | |||
cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11 | cpe:/a:redhat:cryostat:2::el8 | RHSA-2023:6031 | 2023-10-23T00:00:00Z |
Migration Toolkit for Virtualization 2.4 | |||
migration-toolkit-virtualization/mtv-rhel8-operator:2.4.3-3 | cpe:/a:redhat:migration_toolkit_virtualization:2.4::el8 | RHBA-2023:6109 | 2023-10-25T00:00:00Z |
Red Hat Enterprise Linux 8 | |||
container-tools:4.0-8090020230828093056.e7857ab1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2023:6938 | 2023-11-14T00:00:00Z |
container-tools:rhel8-8090020230825121312.e7857ab1 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2023:6939 | 2023-11-14T00:00:00Z |
Red Hat Enterprise Linux 9 | |||
podman-2:4.6.1-5.el9 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2023:6474 | 2023-11-07T00:00:00Z |
Red Hat Migration Toolkit for Containers 1.7 | |||
rhmtc/openshift-migration-controller-rhel8:v1.7.13-4 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-hook-runner-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-legacy-rhel8-operator:v1.7.13-6 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-log-reader-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-must-gather-rhel8:v1.7.13-4 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-openvpn-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-operator-bundle:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-registry-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-rhel8-operator:v1.7.13-6 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-rsync-transfer-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-ui-rhel8:v1.7.13-4 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.7.13-2 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.7.13-4 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-migration-velero-rhel8:v1.7.13-4 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
rhmtc/openshift-velero-plugin-rhel8:v1.7.13-3 | cpe:/a:redhat:rhmt:1.7::el8 | RHSA-2023:5888 | 2023-10-19T00:00:00Z |
Red Hat OpenShift Container Platform 4.12 | |||
openshift4/ose-machine-api-operator:v4.12.0-202401190520.p0.g04504fb.assembly.stream | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2024:0485 | 2024-01-31T00:00:00Z |
Red Hat OpenShift Container Platform 4.14 | |||
openshift4/ose-aws-ebs-csi-driver-rhel8:v4.14.0-202310201027.p0.g2e2e277.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-azure-disk-csi-driver-rhel8:v4.14.0-202310201027.p0.gb19eec1.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-azure-file-csi-driver-rhel8:v4.14.0-202310201027.p0.gf401f53.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-baremetal-machine-controllers:v4.14.0-202310201027.p0.g412acb3.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-network-operator:v4.14.0-202310201027.p0.g5572bce.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-node-tuning-operator:v4.14.0-202310201027.p0.ga91f994.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-machine-api-provider-gcp-rhel8:v4.14.0-202310201027.p0.ga676e6b.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-powervs-block-csi-driver-rhel8:v4.14.0-202310201027.p0.ge9694ce.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.14.0-202310201027.p0.ga5ed57f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-aws-efs-csi-driver-container-rhel8:v4.14.0-202310201027.p0.g66925fd.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift-clients-0:4.14.0-202310191146.p0.g0c63f9d.assembly.stream.el9 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5009 | 2023-10-31T00:00:00Z |
openshift4/ose-azure-cluster-api-controllers-rhel8:v4.14.0-202311021650.p0.g7ad2773.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:6837 | 2023-11-15T00:00:00Z |
openshift4/ose-machine-api-provider-aws-rhel8:v4.14.0-202311021650.p0.ge292817.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:6837 | 2023-11-15T00:00:00Z |
openshift4/ose-machine-api-provider-azure-rhel8:v4.14.0-202311021650.p0.gb6ab233.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:6837 | 2023-11-15T00:00:00Z |
openshift4/ose-vsphere-cluster-api-controllers-rhel8:v4.14.0-202311021650.p0.g72e998c.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:6837 | 2023-11-15T00:00:00Z |
openshift4/ose-gcp-cluster-api-controllers-rhel8:v4.14.0-202311080350.p0.gd99fb31.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:7315 | 2023-11-21T00:00:00Z |
openshift4/ose-machine-api-operator:v4.14.0-202311130809.p0.ge8e6a66.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:7315 | 2023-11-21T00:00:00Z |
podman-3:4.4.1-11.2.rhaos4.14.el8 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:0944 | 2024-02-28T00:00:00Z |
openshift4/ose-kubevirt-cloud-controller-manager-rhel8:v4.14.0-202404161544.p0.g7d96f56.assembly.stream.el8 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2024:1891 | 2024-04-26T00:00:00Z |
Red Hat OpenShift Container Platform 4.15 | |||
openshift4/ose-sriov-network-webhook-rhel9:v4.15.0-202401261531.p0.g00e0317.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7197 | 2024-02-27T00:00:00Z |
openshift4/ose-alibaba-cloud-controller-manager-rhel9:v4.15.0-202401261531.p0.gabf4fa9.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-aws-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g3e23a96.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-azure-cloud-node-manager-rhel9:v4.15.0-202401261531.p0.g5beac87.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-azure-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g84ef752.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-cluster-api-rhel9:v4.15.0-202401261531.p0.gdb1841a.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-cluster-capi-rhel9-operator:v4.15.0-202402020339.p0.g6a24e09.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-cluster-control-plane-machine-set-rhel9-operator:v4.15.0-202401261531.p0.gd3e0fe7.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-cluster-kube-cluster-api-rhel9-operator:v4.15.0-202402141438.p0.g128d8e0.assembly.stream.el9 | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-gcp-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.g8a32c37.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-ibmcloud-machine-controllers-rhel9:v4.15.0-202401261531.p0.g6b0b8ea.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-machine-api-provider-aws-rhel9:v4.15.0-202401261531.p0.g0129b1e.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-machine-api-provider-azure-rhel9:v4.15.0-202402070237.p0.g34e8ac0.assembly.stream.el9 | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-machine-api-provider-gcp-rhel9:v4.15.0-202401261531.p0.gb15daaf.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-machine-api-rhel9-operator:v4.15.0-202402020339.p0.ge2b4537.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
openshift4/ose-vsphere-cluster-api-controllers-rhel9:v4.15.0-202401261531.p0.gb21c0ba.assembly.stream | cpe:/a:redhat:openshift:4.15::el9 | RHSA-2023:7198 | 2024-02-27T00:00:00Z |
Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | |||
openshift-service-mesh/istio-cni-rhel8:2.4.5-2 | cpe:/a:redhat:service_mesh:2.4::el8 | RHSA-2023:7216 | 2023-11-15T00:00:00Z |
RHODF-4.14-RHEL-9 | |||
odf4/ocs-rhel9-operator:v4.14.0-67 | cpe:/a:redhat:openshift_data_foundation:4.14::el9 | RHSA-2023:6832 | 2023-11-08T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Go
Published: 2023-08-02T19:48:56.676Z
Updated: 2024-08-02T07:08:50.711Z
Reserved: 2023-07-27T17:05:38.856Z
Link: CVE-2023-3978
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-08-02T20:15:12.097
Modified: 2023-11-07T04:20:03.647
Link: CVE-2023-3978
Redhat