Vulnerability details: VCID-2gh9-wc9r-aaak
Vulnerability ID VCID-2gh9-wc9r-aaak
Aliases CVE-2023-39319
Summary The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:3352
ssvc Track https://access.redhat.com/errata/RHSA-2024:3352
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:3467
ssvc Track https://access.redhat.com/errata/RHSA-2024:3467
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39319.json
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.00110 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
epss 0.03027 https://api.first.org/data/v1/epss?cve=CVE-2023-39319
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-39319
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-39319
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39319.json
https://api.first.org/data/v1/epss?cve=CVE-2023-39319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/526157
https://go.dev/issue/62197
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
https://pkg.go.dev/vuln/GO-2023-2043
https://security.netapp.com/advisory/ntap-20231020-0009/
2237773 https://bugzilla.redhat.com/show_bug.cgi?id=2237773
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319
GLSA-202311-09 https://security.gentoo.org/glsa/202311-09
RHSA-2023:5008 https://access.redhat.com/errata/RHSA-2023:5008
RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009
RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
RHSA-2023:5974 https://access.redhat.com/errata/RHSA-2023:5974
RHSA-2023:6085 https://access.redhat.com/errata/RHSA-2023:6085
RHSA-2023:6115 https://access.redhat.com/errata/RHSA-2023:6115
RHSA-2023:6119 https://access.redhat.com/errata/RHSA-2023:6119
RHSA-2023:6122 https://access.redhat.com/errata/RHSA-2023:6122
RHSA-2023:6145 https://access.redhat.com/errata/RHSA-2023:6145
RHSA-2023:6148 https://access.redhat.com/errata/RHSA-2023:6148
RHSA-2023:6154 https://access.redhat.com/errata/RHSA-2023:6154
RHSA-2023:6161 https://access.redhat.com/errata/RHSA-2023:6161
RHSA-2023:6200 https://access.redhat.com/errata/RHSA-2023:6200
RHSA-2023:6202 https://access.redhat.com/errata/RHSA-2023:6202
RHSA-2023:6840 https://access.redhat.com/errata/RHSA-2023:6840
RHSA-2023:7762 https://access.redhat.com/errata/RHSA-2023:7762
RHSA-2023:7764 https://access.redhat.com/errata/RHSA-2023:7764
RHSA-2023:7765 https://access.redhat.com/errata/RHSA-2023:7765
RHSA-2023:7766 https://access.redhat.com/errata/RHSA-2023:7766
RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121
RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:1383
RHSA-2024:1901 https://access.redhat.com/errata/RHSA-2024:1901
RHSA-2024:2160 https://access.redhat.com/errata/RHSA-2024:2160
RHSA-2024:2988 https://access.redhat.com/errata/RHSA-2024:2988
RHSA-2024:3352 https://access.redhat.com/errata/RHSA-2024:3352
RHSA-2024:3467 https://access.redhat.com/errata/RHSA-2024:3467
USN-6574-1 https://usn.ubuntu.com/6574-1/
USN-7061-1 https://usn.ubuntu.com/7061-1/
USN-7109-1 https://usn.ubuntu.com/7109-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:3352
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:3352
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:3467
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-08T14:53:26Z/ Found at https://access.redhat.com/errata/RHSA-2024:3467
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39319.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39319
Exploit Prediction Scoring System (EPSS)
Percentile 0.15302
EPSS Score 0.0005
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.