5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.8%
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
go.dev/cl/514896
go.dev/issue/61615
pkg.go.dev/vuln/GO-2023-1988