View all vulnerabilities

CVE-2023-3978

Improper rendering of text nodes in golang.org/x/net/html

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
6
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Versions
golang.org/x/net < 0.13.0
Severity
Medium
Ecosystem
GO
Publish Date
August 2, 2023
Modified Date
October 22, 2024