CVE-2023-24539
CVE Details
Last Update
09/19/2024
NIST CVE Summary
Angle brackets (`<>`) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a `/` character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
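As an added example (not part of the advisory and not code from the Go project), the program below audits for the condition this summary describes: `riskyCSSActions` flags template source in which two actions inside a `<style>` block are separated only by `/`, and `filtersAngleBrackets` checks whether the `html/template` package in the toolchain that built the program rejects angle brackets in a CSS context. Both function names and the sample template are constructed for illustration, and `style` attributes are not scanned.

```go
// Added example, not from the advisory or the Go project.
package main

import (
	"fmt"
	"html/template"
	"regexp"
	"runtime"
	"strings"
)

var (
	// Body of a <style> element in template source.
	styleBlock = regexp.MustCompile(`(?is)<style[^>]*>(.*?)</style>`)
	// Two template actions separated only by "/", the shape named in the CVE summary.
	slashJoined = regexp.MustCompile(`\{\{[^{}]*\}\}/\{\{[^{}]*\}\}`)
)

// riskyCSSActions returns each "{{a}}/{{b}}" sequence found inside a <style> block.
func riskyCSSActions(src string) []string {
	var hits []string
	for _, m := range styleBlock.FindAllStringSubmatch(src, -1) {
		hits = append(hits, slashJoined.FindAllString(m[1], -1)...)
	}
	return hits
}

// filtersAngleBrackets renders values containing "<" and ">" into a CSS context
// and reports whether html/template replaced them with its "ZgotmplZ" failsafe.
func filtersAngleBrackets() (bool, error) {
	t, err := template.New("probe").Parse(`<style>p { margin: {{.A}}/{{.B}} }</style>`)
	if err != nil {
		return false, err
	}
	var out strings.Builder
	if err := t.Execute(&out, map[string]string{"A": "<1", "B": "2>"}); err != nil {
		return false, err
	}
	s := out.String()
	return strings.Contains(s, "ZgotmplZ") && !strings.Contains(s, "<1") && !strings.Contains(s, "2>"), nil
}

func main() {
	// Constructed sample template source, not taken from any real product.
	sample := `<style>.a { width: {{.W}}/{{.H}} } .b { color: {{.C}} }</style><p>{{.X}}/{{.Y}}</p>`
	fmt.Println("actions to review:", riskyCSSActions(sample))
	ok, err := filtersAngleBrackets()
	fmt.Println(runtime.Version(), "filters angle brackets in CSS:", ok, err)
}
```

A `false` result from `filtersAngleBrackets` means the binary was built with a toolchain that still passes angle brackets through in CSS contexts, so any template flagged by `riskyCSSActions` should be reviewed for untrusted input.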
Our Official Summary
A vulnerability was found in html-template up to 1.19.8/1.20.3 on Go. The affected component is the CSS Handler. Manipulation with an unknown input could lead to a cross-site scripting vulnerability if the input contains special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. A fix for the images affected will be investigated.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX 4.4.18
Revision History
- 1.0 09/15/2024 Initial Publication
- 2.0 09/15/2024 Added Palette VerteX 4.4.18 to Affected Products