vulnerability
Oracle Linux: CVE-2023-3978: ELSA-2023-6938: container-tools:4.0 security and bug fix update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | 2023-08-02 | 2023-11-16 | 2025-01-07 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
2023-08-02
Added
2023-11-16
Modified
2025-01-07
Description
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.
Solution(s)
oracle-linux-upgrade-aardvark-dnsoracle-linux-upgrade-buildahoracle-linux-upgrade-buildah-testsoracle-linux-upgrade-cockpit-podmanoracle-linux-upgrade-conmonoracle-linux-upgrade-containernetworking-pluginsoracle-linux-upgrade-containers-commonoracle-linux-upgrade-container-selinuxoracle-linux-upgrade-critoracle-linux-upgrade-criuoracle-linux-upgrade-criu-develoracle-linux-upgrade-criu-libsoracle-linux-upgrade-crunoracle-linux-upgrade-fuse-overlayfsoracle-linux-upgrade-libslirporacle-linux-upgrade-libslirp-develoracle-linux-upgrade-netavarkoracle-linux-upgrade-oci-seccomp-bpf-hookoracle-linux-upgrade-podmanoracle-linux-upgrade-podman-catatonitoracle-linux-upgrade-podman-dockeroracle-linux-upgrade-podman-gvproxyoracle-linux-upgrade-podman-pluginsoracle-linux-upgrade-podman-remoteoracle-linux-upgrade-podman-testsoracle-linux-upgrade-python3-criuoracle-linux-upgrade-python3-podmanoracle-linux-upgrade-runcoracle-linux-upgrade-skopeooracle-linux-upgrade-skopeo-testsoracle-linux-upgrade-slirp4netnsoracle-linux-upgrade-udica
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.