XSS via incorrect rendering of nonHTML namespace text nodes
CVE-2023-3978 Published on August 2, 2023

Improper rendering of text nodes in golang.org/x/net/html
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

NVD

Products Associated with CVE-2023-3978

stack.watch emails you whenever new vulnerabilities are published in GoLang Networking or Canonical Ubuntu Linux. Just hit a watch button to start following.

GoLang Networking

Canonical Ubuntu Linux

Affected Versions

golang.org/x/net/html:

Before 0.13.0 is affected.

Exploit Probability

EPSS

0.10%

Percentile

26.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

XSS via incorrect rendering of nonHTML namespace text nodesCVE-2023-3978 Published on August 2, 2023

Products Associated with CVE-2023-3978

Affected Versions

Exploit Probability

XSS via incorrect rendering of nonHTML namespace text nodes
CVE-2023-3978 Published on August 2, 2023