Vulnerability details: VCID-12jb-hpsk-aaak
Vulnerability ID VCID-12jb-hpsk-aaak
Aliases CVE-2023-24539
Summary Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
Status Published
Exploitability 0.5
Weighted Severity 6.6
Risk 3.3
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24539.json
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
epss 0.00902 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
epss 0.03013 https://api.first.org/data/v1/epss?cve=CVE-2023-24539
cvssv3.1 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.3 https://go.dev/cl/491615
ssvc Track https://go.dev/cl/491615
cvssv3.1 7.3 https://go.dev/issue/59720
ssvc Track https://go.dev/issue/59720
cvssv3.1 7.3 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
ssvc Track https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
cvssv3 7.3 https://nvd.nist.gov/vuln/detail/CVE-2023-24539
cvssv3.1 7.3 https://nvd.nist.gov/vuln/detail/CVE-2023-24539
cvssv3.1 7.3 https://pkg.go.dev/vuln/GO-2023-1751
ssvc Track https://pkg.go.dev/vuln/GO-2023-1751
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24539.json
https://api.first.org/data/v1/epss?cve=CVE-2023-24539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/491615
https://go.dev/issue/59720
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
https://pkg.go.dev/vuln/GO-2023-1751
https://security.netapp.com/advisory/ntap-20241129-0005/
2196026 https://bugzilla.redhat.com/show_bug.cgi?id=2196026
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539
GLSA-202408-07 https://security.gentoo.org/glsa/202408-07
RHSA-2023:3318 https://access.redhat.com/errata/RHSA-2023:3318
RHSA-2023:3319 https://access.redhat.com/errata/RHSA-2023:3319
RHSA-2023:3323 https://access.redhat.com/errata/RHSA-2023:3323
RHSA-2023:3366 https://access.redhat.com/errata/RHSA-2023:3366
RHSA-2023:3367 https://access.redhat.com/errata/RHSA-2023:3367
RHSA-2023:3415 https://access.redhat.com/errata/RHSA-2023:3415
RHSA-2023:3435 https://access.redhat.com/errata/RHSA-2023:3435
RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445
RHSA-2023:3540 https://access.redhat.com/errata/RHSA-2023:3540
RHSA-2023:3905 https://access.redhat.com/errata/RHSA-2023:3905
RHSA-2023:3918 https://access.redhat.com/errata/RHSA-2023:3918
RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003
RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4093
RHSA-2023:4293 https://access.redhat.com/errata/RHSA-2023:4293
RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335
RHSA-2023:4459 https://access.redhat.com/errata/RHSA-2023:4459
RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470
RHSA-2023:4472 https://access.redhat.com/errata/RHSA-2023:4472
RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
RHSA-2023:4657 https://access.redhat.com/errata/RHSA-2023:4657
RHSA-2023:4664 https://access.redhat.com/errata/RHSA-2023:4664
RHSA-2023:5421 https://access.redhat.com/errata/RHSA-2023:5421
RHSA-2023:5442 https://access.redhat.com/errata/RHSA-2023:5442
RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
RHSA-2023:6346 https://access.redhat.com/errata/RHSA-2023:6346
RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363
RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402
RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473
RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
RHSA-2023:6832 https://access.redhat.com/errata/RHSA-2023:6832
RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939
RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944
USN-6140-1 https://usn.ubuntu.com/6140-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24539.json
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): low
Integrity Impact (I): low
Availability Impact (A): low
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://go.dev/cl/491615
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:39:35Z/ Found at https://go.dev/cl/491615

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://go.dev/issue/59720
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:39:35Z/ Found at https://go.dev/issue/59720

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:39:35Z/ Found at https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-24539
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://pkg.go.dev/vuln/GO-2023-1751
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:39:35Z/ Found at https://pkg.go.dev/vuln/GO-2023-1751

Exploit Prediction Scoring System (EPSS)
Percentile 0.20672
EPSS Score 0.00065
Published At April 19, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.