
CVE-2023-24539

CVE Details

CVE-2023-24539

Last Update

09/19/2024

NIST CVE Summary

Angle brackets <> are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a / character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

Our Official Summary

A vulnerability was found in html-template up to 1.19.8/1.20.3 on Go. The affected component is the CSS Handler. Manipulation with an unknown input could lead to a cross-site scripting vulnerability. This can happen if the input contains special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. A fix for the images affected will be investigated.
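
To check whether a Go binary extracted from an image was built with a toolchain in the range stated above, the following added example (not part of the original advisory or of the product's code) reads the Go version embedded in the binary with the standard `debug/buildinfo` package. `affectedToolchain` is a hypothetical helper, and it assumes that "up to 1.19.8/1.20.3" covers every earlier Go 1.x release.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// affectedToolchain (hypothetical helper) reports whether a Go version string
// such as "go1.20.3" is in the range this advisory lists: up to 1.19.8, or
// 1.20.x up to 1.20.3. ok is false when the string is not a Go 1.x release
// version (for example a "devel ..." build), so the caller can flag it.
func affectedToolchain(version string) (affected, ok bool) {
	var minor, patch int
	// Sscanf stops at the first mismatch, so "go1.20" and "go1.20rc1" yield
	// minor=20, patch=0, and a suffix such as " X:boringcrypto" is ignored.
	if n, _ := fmt.Sscanf(version, "go1.%d.%d", &minor, &patch); n == 0 {
		return false, false
	}
	switch {
	case minor < 19: // assumption: "up to" includes all older 1.x releases
		return true, true
	case minor == 19:
		return patch <= 8, true
	case minor == 20:
		return patch <= 3, true
	}
	return false, true
}

func main() {
	// Arguments are paths to Go binaries, e.g. copied out of a container image.
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			fmt.Printf("%s: not a readable Go binary: %v\n", path, err)
			continue
		}
		affected, ok := affectedToolchain(info.GoVersion)
		fmt.Printf("%s: built with %s, affected=%v, parsed=%v\n",
			path, info.GoVersion, affected, ok)
	}
}
```

A match means the binary's standard library falls in the affected range; whether the html/template CSS path is reachable still depends on the templates the program renders with untrusted input.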

CVE Severity

7.3

Status

Ongoing

Affected Products & Versions

  • Palette VerteX 4.4.18

Revision History

  • 1.0 09/15/2024 Initial Publication
  • 2.0 09/15/2024 Added Palette VerteX 4.4.18 to Affected Products