Vulnerability details: VCID-6a5e-s2gp-aaae
Vulnerability ID VCID-6a5e-s2gp-aaae
Aliases CVE-2023-39318
Summary The html/template package does not properly handle HTML-like "<!--" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:3352
ssvc Track https://access.redhat.com/errata/RHSA-2024:3352
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2024:3467
ssvc Track https://access.redhat.com/errata/RHSA-2024:3467
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39318.json
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.00151 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.00172 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.0096 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
epss 0.03027 https://api.first.org/data/v1/epss?cve=CVE-2023-39318
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-39318
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-39318
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39318.json
https://api.first.org/data/v1/epss?cve=CVE-2023-39318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/526156
https://go.dev/issue/62196
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
https://pkg.go.dev/vuln/GO-2023-2041
https://security.netapp.com/advisory/ntap-20231020-0009/
2237776 https://bugzilla.redhat.com/show_bug.cgi?id=2237776
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318
GLSA-202311-09 https://security.gentoo.org/glsa/202311-09
RHSA-2023:5008 https://access.redhat.com/errata/RHSA-2023:5008
RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009
RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
RHSA-2023:5974 https://access.redhat.com/errata/RHSA-2023:5974
RHSA-2023:6085 https://access.redhat.com/errata/RHSA-2023:6085
RHSA-2023:6115 https://access.redhat.com/errata/RHSA-2023:6115
RHSA-2023:6119 https://access.redhat.com/errata/RHSA-2023:6119
RHSA-2023:6122 https://access.redhat.com/errata/RHSA-2023:6122
RHSA-2023:6145 https://access.redhat.com/errata/RHSA-2023:6145
RHSA-2023:6148 https://access.redhat.com/errata/RHSA-2023:6148
RHSA-2023:6154 https://access.redhat.com/errata/RHSA-2023:6154
RHSA-2023:6161 https://access.redhat.com/errata/RHSA-2023:6161
RHSA-2023:6200 https://access.redhat.com/errata/RHSA-2023:6200
RHSA-2023:6202 https://access.redhat.com/errata/RHSA-2023:6202
RHSA-2023:6840 https://access.redhat.com/errata/RHSA-2023:6840
RHSA-2023:7762 https://access.redhat.com/errata/RHSA-2023:7762
RHSA-2023:7764 https://access.redhat.com/errata/RHSA-2023:7764
RHSA-2023:7765 https://access.redhat.com/errata/RHSA-2023:7765
RHSA-2023:7766 https://access.redhat.com/errata/RHSA-2023:7766
RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121
RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:1383
RHSA-2024:1901 https://access.redhat.com/errata/RHSA-2024:1901
RHSA-2024:2160 https://access.redhat.com/errata/RHSA-2024:2160
RHSA-2024:2988 https://access.redhat.com/errata/RHSA-2024:2988
RHSA-2024:3352 https://access.redhat.com/errata/RHSA-2024:3352
RHSA-2024:3467 https://access.redhat.com/errata/RHSA-2024:3467
USN-6574-1 https://usn.ubuntu.com/6574-1/
USN-7061-1 https://usn.ubuntu.com/7061-1/
USN-7109-1 https://usn.ubuntu.com/7109-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:3352
Attack Vector (AV): network | Attack Complexity (AC): low | Privileges Required (PR): none | User Interaction (UI): none | Scope (S): unchanged | Confidentiality Impact (C): none | Integrity Impact (I): none | Availability Impact (A): high

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:05Z/ Found at https://access.redhat.com/errata/RHSA-2024:3352
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:3467
Attack Vector (AV): network | Attack Complexity (AC): low | Privileges Required (PR): none | User Interaction (UI): none | Scope (S): unchanged | Confidentiality Impact (C): none | Integrity Impact (I): none | Availability Impact (A): high

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-08T14:53:26Z/ Found at https://access.redhat.com/errata/RHSA-2024:3467
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39318.json
Attack Vector (AV): network | Attack Complexity (AC): low | Privileges Required (PR): none | User Interaction (UI): required | Scope (S): changed | Confidentiality Impact (C): low | Integrity Impact (I): low | Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network | Attack Complexity (AC): high | Privileges Required (PR): none | User Interaction (UI): required | Scope (S): unchanged | Confidentiality Impact (C): high | Integrity Impact (I): high | Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39318
Attack Vector (AV): network | Attack Complexity (AC): low | Privileges Required (PR): none | User Interaction (UI): required | Scope (S): changed | Confidentiality Impact (C): low | Integrity Impact (I): low | Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39318
Attack Vector (AV): network | Attack Complexity (AC): low | Privileges Required (PR): none | User Interaction (UI): required | Scope (S): changed | Confidentiality Impact (C): low | Integrity Impact (I): low | Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.15302
EPSS Score 0.0005
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.