CVE-2023-3978

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
golangnetworking
𝑥
< 0.13.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-golang-x-net
bookworm
no-dsa
bullseye
no-dsa
buster
postponed
sid
1:0.27.0-1
fixed
trixie
1:0.27.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
containerd
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
not-affected
golang-golang-x-net
bionic
ignored
focal
dne
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
needs-triage
trusty
ignored
xenial
ignored
golang-golang-x-net-dev
bionic
needs-triage
focal
needs-triage
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
needs-triage
google-guest-agent
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
dne
xenial
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
podman
RHEL 9
2:4.6.1-5.el9
fixed
podman-docker
RHEL 9
2:4.6.1-5.el9
fixed
podman-gvproxy
RHEL 9
2:4.6.1-5.el9
fixed
podman-plugins
RHEL 9
2:4.6.1-5.el9
fixed
podman-remote
RHEL 9
2:4.6.1-5.el9
fixed
podman-tests
RHEL 9
2:4.6.1-5.el9
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-ssm-agent
Amazon Linux 2
0:3.2.1705.0-1.amzn2
fixed
Amazon Linux 2023
0:3.2.1705.0-1.amzn2023
fixed
amazon-ssm-agent-debuginfo
Amazon Linux 2
0:3.2.1705.0-1.amzn2
fixed
Amazon Linux 2023
0:3.2.1705.0-1.amzn2023
fixed
amazon-ssm-agent-debugsource
Amazon Linux 2023
0:3.2.1705.0-1.amzn2023
fixed
cri-tools
Amazon Linux 2
0:1.29.0-1.amzn2.0.1
fixed
cri-tools-debuginfo
Amazon Linux 2
0:1.29.0-1.amzn2.0.1
fixed
ecs-init
Amazon Linux 2023
0:1.79.1-1.amzn2023
fixed
nerdctl
Amazon Linux 2
0:1.6.2-1.amzn2.0.2
fixed
Amazon Linux 2023
0:1.1.0-1.amzn2023.0.4
fixed
nerdctl-debuginfo
Amazon Linux 2
0:1.6.2-1.amzn2.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
application-gateway-kubernetes-ingress
Azure Linux 3.0
0:1.7.7-1.azl3
fixed
cert-manager
Azure Linux 3.0
0:1.12.12-1.azl3
fixed
CBL-Mariner 2.0
0:1.11.2-14.cm2
fixed
cni-plugins
CBL-Mariner 2.0
0:1.3.0-6.cm2
fixed
containerized-data-importer
Azure Linux 3.0
0:1.57.0-12.azl3
fixed
kubevirt
Azure Linux 3.0
0:1.2.0-1.azl3
fixed
CBL-Mariner 2.0
0:0.59.0-24.cm2
fixed
multus
Azure Linux 3.0
0:4.0.2-2.azl3
fixed
CBL-Mariner 2.0
0:4.0.2-5.cm2
fixed
packer
CBL-Mariner 2.0
0:1.9.5-3.cm2
fixed
podman
Azure Linux 3.0
0:5.6.1-2.azl3
fixed
prometheus-adapter
Azure Linux 3.0
0:0.12.0-1.azl3
fixed
telegraf
Azure Linux 3.0
0:1.29.4-1.azl3
fixed
CBL-Mariner 2.0
0:1.27.4-1.cm2
fixed
vitess
Azure Linux 3.0
0:19.0.4-2.azl3
fixed
CBL-Mariner 2.0
0:17.0.7-1.cm2
fixed