CVE-2023-26131

Name of the Vulnerable Software and Affected Versions github.com/xyproto/algernon/engine (affected versions not specified) github.com/xyproto/algernon/themes (affected versions not specified)

Description The issue is related to Cross-site Scripting (XSS) due to improper user input sanitization in the themes.NoPage(filename, theme) function. This can be exploited when a file or resource is not found.

Recommendations For github.com/xyproto/algernon/engine, consider disabling the themes.NoPage(filename, theme) function until a patch is available. For github.com/xyproto/algernon/themes, restrict access to the themes.NoPage(filename, theme) function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.