VYPR
Unrated severityNVD Advisory· Published Sep 8, 2023· Updated Feb 13, 2025

Improper handling of HTML-like comments in script contexts in html/template

CVE-2023-39318

Description

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in contexts. This may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

73

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.