Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2023-39318

Published: September 8, 2023Last modified: September 9, 2023

Description

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.

Severity score breakdown

ParameterValue
Base score6.1
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeCHANGED
ConfidentialityLOW
Integrity impactLOW
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSgoFixed (1.21.7-r0)
StreamgoNot affected (1.21.1-r0)

References

ON THIS PAGE