GCVE - cpe:2.3:a:n/a:github.com/xyproto/algernon/engine:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:github.com/xyproto/algernon/engine:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Github.Com/Xyproto/Algernon/Engine (`971ff0da-ff4f-5f00-b6ca-b3e3315bb1aa`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-26131`	vulnerable	2026-06-08 05:57:38.682461	Details available MEDIUM (5.4) All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found. Published: 2023-05-31T05:00:01.493Z Updated: 2025-01-09T20:38:45.687Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONENGINE-3312111 https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMXYPROTOALGERNONTHEMES-3312112 https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L514 https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/themes/html.go%23L145 https://github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L512	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.