PT-2023-6563 · Unknown+9 · Net/Html Library+9

Rolandshoemaker

·

Publicado

2023-07-27

·

Atualizado

2026-04-07

·

CVE-2023-3978

CVSS v2.0

6.4

Média

VetorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions net/html library (affected versions not specified)
Description The issue arises from text nodes not in the HTML namespace being incorrectly literally rendered, causing text that should be escaped to not be. This could lead to an XSS attack. The vulnerability exists due to a lack of protection for the web page structure, potentially allowing a remote attacker to conduct cross-site scripting attacks.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALSA-2023:6474
ALSA-2023:6938
ALSA-2023:6939
AZL-27810
AZL-27813
AZL-27818
AZL-27831
AZL-31690
AZL-31858
AZL-33331
AZL-34542
AZL-34582
AZL-34624
AZL-34907
AZL-35120
AZL-35299
AZL-35348
AZL-42867
AZL-43555
AZL-44055
BDU:2023-07327
CESA-2023_6938
CESA-2023_6939
CVE-2023-3978
ECHO-A770-E404-6ACD
GHSA-2WRH-6PVC-2JM9
GO-2023-1988
OPENSUSE-SU-2024:14218-1
OPENSUSE-SU-2024_4011-1
RHSA-2023:5009
RHSA-2023:6474
RHSA-2023:6938
RHSA-2023:6939
RHSA-2023_6474
RHSA-2023_6938
RHSA-2023_6939
RHSA-2024:0944
SUSE-SU-2024:4010-1
SUSE-SU-2024:4011-1
SUSE-SU-2024:4019-1
USN-8089-1
USN-8089-2
USN-8089-3

Produtos afetados

Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Net/Html Library