Back to bug 2228689
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-08-03 06:10:54 UTC | Blocks | 2228694 | |
| Avinash Hanwate | 2023-08-03 06:12:05 UTC | CC | aazores, alitke, amctagga, bbaude, chazlett, davidn, dcadzow, dkenigsb, dwalsh, dymurray, eaguilar, ebaron, eglynn, epacific, fdeutsch, gparvin, ibolton, jaharrin, jburrell, jcammara, jcantril, jeder, jhardy, jjoyce, jkang, jkoehler, jligon, jmatthew, jmontleo, jneedle, jnovy, jobarker, joelsmith, jpallich, jschluet, jwendell, lgamliel, lhh, lsm5, mabashia, mboddu, mburns, mfilanov, mgarciac, mheon, muagarwa, nboldt, njean, nobody, ocs-bugs, oramraz, osapryki, osbuilders, owatkins, pahickey, periklis, pgrist, phoracek, pjindal, pthomas, rcernich, rfreiman, rjohnson, scorneli, sfroberg, sgott, simaishi, slucidi, smcdonal, smullick, sseago, stcannon, stirabos, teagle, tsweeney, twalsh, vkareh, whayutin, yguenane, zsadeh | |
| Avinash Hanwate | 2023-08-03 06:15:30 UTC | CC | dshah, ellin, tkral | |
| Avinash Hanwate | 2023-08-03 06:50:50 UTC | Summary | CVE-2023-3978 golang.org/x/net/html: Cross site scripting | TRIAGE-CVE-2023-3978 golang.org/x/net/html: Cross site scripting |
| Alias | CVE-2023-3978 | TRIAGE-CVE-2023-3978 | ||
| Red Hat Bugzilla | 2023-08-03 08:31:10 UTC | CC | ocs-bugs | |
| Avinash Hanwate | 2023-08-03 10:11:09 UTC | CC | alitke, phoracek, stirabos | |
| Avinash Hanwate | 2023-08-03 10:12:27 UTC | CC | adudiak, kshier, tfister | |
| Avinash Hanwate | 2023-08-03 10:21:36 UTC | CC | dfreiber, rogbas, vkumar | |
| Avinash Hanwate | 2023-08-03 10:31:04 UTC | Depends On | 2228806, 2228811, 2228808, 2228807, 2228813, 2228810, 2228814, 2228815, 2228812 | |
| Avinash Hanwate | 2023-08-03 11:04:40 UTC | Depends On | 2228824, 2228825 | |
| Victor Kareh | 2023-08-03 13:04:26 UTC | CC | vkareh | |
| Joel Smith | 2023-08-03 19:06:57 UTC | CC | joelsmith | |
| Avinash Hanwate | 2023-08-07 05:22:20 UTC | Doc Text | Golang HTML package is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |
| Alias | TRIAGE-CVE-2023-3978 | CVE-2023-3978 | ||
| Summary | TRIAGE-CVE-2023-3978 golang.org/x/net/html: Cross site scripting | CVE-2023-3978 golang.org/x/net/html: Cross site scripting | ||
| Fixed In Version | golang.org/x/net/html 0.13.0 | |||
| Avinash Hanwate | 2023-08-07 05:37:35 UTC | Depends On | 2229599, 2229602, 2229582, 2229594, 2229577, 2229596, 2229595, 2229600, 2229590, 2229597, 2229603, 2229584, 2229581, 2229604, 2229591, 2229592, 2229588, 2229580, 2229587, 2229579, 2229593, 2229578, 2229607, 2229583, 2229589, 2229586, 2229598, 2229605, 2229608, 2229601, 2229585 | |
| Avinash Hanwate | 2023-08-07 05:45:30 UTC | Depends On | 2229610 | |
| Avinash Hanwate | 2023-08-07 05:47:30 UTC | Depends On | 2229611 | |
| RaTasha Tillery-Smith | 2023-08-07 12:58:42 UTC | Doc Text | Golang HTML package is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials. |
Back to bug 2228689