Vulnerability Details CVE-2023-26131
All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L512
- https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L514
- https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/themes/html.go%23L145
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONENGINE-3312111
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONTHEMES-3312112
- https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L512
- https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L514
- https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/themes/html.go%23L145
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONENGINE-3312111
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONTHEMES-3312112
Products affected by CVE-2023-26131
-
cpe:2.3:a:algernon_project:algernon:-
-
cpe:2.3:a:algernon_project:algernon:0.2
-
cpe:2.3:a:algernon_project:algernon:0.3
-
cpe:2.3:a:algernon_project:algernon:0.4
-
cpe:2.3:a:algernon_project:algernon:0.41
-
cpe:2.3:a:algernon_project:algernon:0.42
-
cpe:2.3:a:algernon_project:algernon:0.43
-
cpe:2.3:a:algernon_project:algernon:0.44
-
cpe:2.3:a:algernon_project:algernon:0.45
-
cpe:2.3:a:algernon_project:algernon:0.46
-
cpe:2.3:a:algernon_project:algernon:0.47
-
cpe:2.3:a:algernon_project:algernon:0.48
-
cpe:2.3:a:algernon_project:algernon:0.49
-
cpe:2.3:a:algernon_project:algernon:0.50
-
cpe:2.3:a:algernon_project:algernon:0.51
-
cpe:2.3:a:algernon_project:algernon:0.52
-
cpe:2.3:a:algernon_project:algernon:0.53
-
cpe:2.3:a:algernon_project:algernon:0.54
-
cpe:2.3:a:algernon_project:algernon:0.55
-
cpe:2.3:a:algernon_project:algernon:0.56
-
cpe:2.3:a:algernon_project:algernon:0.57
-
cpe:2.3:a:algernon_project:algernon:0.58
-
cpe:2.3:a:algernon_project:algernon:0.59
-
cpe:2.3:a:algernon_project:algernon:0.60
-
cpe:2.3:a:algernon_project:algernon:0.61
-
cpe:2.3:a:algernon_project:algernon:0.62
-
cpe:2.3:a:algernon_project:algernon:0.63
-
cpe:2.3:a:algernon_project:algernon:0.64
-
cpe:2.3:a:algernon_project:algernon:0.65
-
cpe:2.3:a:algernon_project:algernon:0.66
-
cpe:2.3:a:algernon_project:algernon:0.67
-
cpe:2.3:a:algernon_project:algernon:0.68
-
cpe:2.3:a:algernon_project:algernon:0.7
-
cpe:2.3:a:algernon_project:algernon:0.71
-
cpe:2.3:a:algernon_project:algernon:0.72
-
cpe:2.3:a:algernon_project:algernon:0.73
-
cpe:2.3:a:algernon_project:algernon:0.74
-
cpe:2.3:a:algernon_project:algernon:0.75
-
cpe:2.3:a:algernon_project:algernon:0.8
-
cpe:2.3:a:algernon_project:algernon:0.81
-
cpe:2.3:a:algernon_project:algernon:0.82
-
cpe:2.3:a:algernon_project:algernon:0.83
-
cpe:2.3:a:algernon_project:algernon:0.84
-
cpe:2.3:a:algernon_project:algernon:0.85
-
cpe:2.3:a:algernon_project:algernon:0.86
-
cpe:2.3:a:algernon_project:algernon:0.87
-
cpe:2.3:a:algernon_project:algernon:0.88
-
cpe:2.3:a:algernon_project:algernon:0.89
-
cpe:2.3:a:algernon_project:algernon:0.9
-
cpe:2.3:a:algernon_project:algernon:0.91
-
cpe:2.3:a:algernon_project:algernon:0.92
-
cpe:2.3:a:algernon_project:algernon:1.0
-
cpe:2.3:a:algernon_project:algernon:1.1
-
cpe:2.3:a:algernon_project:algernon:1.10
-
cpe:2.3:a:algernon_project:algernon:1.10.1
-
cpe:2.3:a:algernon_project:algernon:1.11.0
-
cpe:2.3:a:algernon_project:algernon:1.12.0
-
cpe:2.3:a:algernon_project:algernon:1.12.1
-
cpe:2.3:a:algernon_project:algernon:1.12.10
-
cpe:2.3:a:algernon_project:algernon:1.12.11
-
cpe:2.3:a:algernon_project:algernon:1.12.12
-
cpe:2.3:a:algernon_project:algernon:1.12.14
-
cpe:2.3:a:algernon_project:algernon:1.12.2
-
cpe:2.3:a:algernon_project:algernon:1.12.3
-
cpe:2.3:a:algernon_project:algernon:1.12.4
-
cpe:2.3:a:algernon_project:algernon:1.12.5
-
cpe:2.3:a:algernon_project:algernon:1.12.6
-
cpe:2.3:a:algernon_project:algernon:1.12.7
-
cpe:2.3:a:algernon_project:algernon:1.12.8
-
cpe:2.3:a:algernon_project:algernon:1.12.9
-
cpe:2.3:a:algernon_project:algernon:1.13.0
-
cpe:2.3:a:algernon_project:algernon:1.14.0
-
cpe:2.3:a:algernon_project:algernon:1.15.0
-
cpe:2.3:a:algernon_project:algernon:1.15.1
-
cpe:2.3:a:algernon_project:algernon:1.15.2
-
cpe:2.3:a:algernon_project:algernon:1.2
-
cpe:2.3:a:algernon_project:algernon:1.2.1
-
cpe:2.3:a:algernon_project:algernon:1.3
-
cpe:2.3:a:algernon_project:algernon:1.3.1
-
cpe:2.3:a:algernon_project:algernon:1.3.2
-
cpe:2.3:a:algernon_project:algernon:1.4
-
cpe:2.3:a:algernon_project:algernon:1.4.1
-
cpe:2.3:a:algernon_project:algernon:1.4.2
-
cpe:2.3:a:algernon_project:algernon:1.4.3
-
cpe:2.3:a:algernon_project:algernon:1.4.4
-
cpe:2.3:a:algernon_project:algernon:1.4.5
-
cpe:2.3:a:algernon_project:algernon:1.5
-
cpe:2.3:a:algernon_project:algernon:1.5.1
-
cpe:2.3:a:algernon_project:algernon:1.6
-
cpe:2.3:a:algernon_project:algernon:1.7
-
cpe:2.3:a:algernon_project:algernon:1.8
-
cpe:2.3:a:algernon_project:algernon:1.9