PT-2023-6563 · Unknown+9 · Net/Html Library+9

Rolandshoemaker · Published 2023-07-27 · Updated 2026-04-07 · CVE-2023-3978

CVSS v2.0: 6.4 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: net/html library (affected versions not specified)
Description: Text nodes not in the HTML namespace are incorrectly rendered literally, so text that should be escaped is not. This could lead to an XSS attack. The vulnerability exists due to a lack of protection for the web page structure, potentially allowing a remote attacker to conduct cross-site scripting attacks.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

ALSA-2023:6474
ALSA-2023:6938
ALSA-2023:6939
AZL-27810
AZL-27813
AZL-27818
AZL-27831
AZL-31690
AZL-31858
AZL-33331
AZL-34542
AZL-34582
AZL-34624
AZL-34907
AZL-35120
AZL-35299
AZL-35348
AZL-42867
AZL-43555
AZL-44055
BDU:2023-07327
CESA-2023_6938
CESA-2023_6939
CVE-2023-3978
ECHO-A770-E404-6ACD
GHSA-2WRH-6PVC-2JM9
GO-2023-1988
OPENSUSE-SU-2024:14218-1
OPENSUSE-SU-2024_4011-1
RHSA-2023:5009
RHSA-2023:6474
RHSA-2023:6938
RHSA-2023:6939
RHSA-2023_6474
RHSA-2023_6938
RHSA-2023_6939
RHSA-2024:0944
SUSE-SU-2024:4010-1
SUSE-SU-2024:4011-1
SUSE-SU-2024:4019-1
USN-8089-1
USN-8089-2
USN-8089-3

Affected Products

Almalinux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Net/Html Library