PT-2023-3320 · Alt Linux+9 · Alt Linux+9

Juho Nurminen

·

Published

2023-04-20

·

Updated

2024-12-03

·

CVE-2023-24539

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.
Description The issue is related to the handling of special characters < and > in CSS contexts. Templates with multiple actions separated by a '/' character can lead to the unexpected closure of the CSS context, allowing for the injection of unexpected HTML when executed with untrusted input. This could potentially enable a remote attacker to execute arbitrary code.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-94

Related Identifiers

ALSA-2023:6346
ALSA-2023:6363
ALSA-2023:6402
ALSA-2023:6473
ALSA-2023:6474
ALSA-2023:6938
ALSA-2023:6939
ALT-PU-2023-1699
ALT-PU-2023-1734
ALT-PU-2023-4736
ALT-PU-2023-4785
ALT-PU-2023-5492
ALT-PU-2023-7055
AZL-26614
AZL-26625
AZL-37307
AZL-37362
AZL-52668
AZL-79046
BDU:2023-03470
BIT-GOLANG-2023-24539
CESA-2023_3319
CESA-2023_6938
CESA-2023_6939
CVE-2023-24539
GO-2023-1751
MGASA-2023-0169
OESA-2023-1294
OPENSUSE-SU-2024:12907-1
OPENSUSE-SU-2024:12908-1
RHSA-2023:3318
RHSA-2023:3319
RHSA-2023:3323
RHSA-2023:3366
RHSA-2023:3445
RHSA-2023:3540
RHSA-2023:4003
RHSA-2023:4093
RHSA-2023:4459
RHSA-2023:4470
RHSA-2023:6346
RHSA-2023:6363
RHSA-2023:6402
RHSA-2023:6473
RHSA-2023:6474
RHSA-2023:6938
RHSA-2023:6939
RHSA-2023_3318
RHSA-2023_3319
RHSA-2023_6346
RHSA-2023_6363
RHSA-2023_6402
RHSA-2023_6473
RHSA-2023_6474
RHSA-2023_6938
RHSA-2023_6939
SUSE-SU-2023:2105-1
SUSE-SU-2023:2105-2
SUSE-SU-2023:2127-1
USN-6140-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu