CVE-2023-53155 — Cross-site Scripting in Goahead

Severity

7.2HIGHNVD

EPSS

0.1%

top 84.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 25

Latest updateOct 3

Description

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

GHSA

GHSA-ggxj-h9gr-4qw5: goform/formTest in EmbedThis GoAhead 2↗2025-07-25

▶

CVEList

CVE-2023-53155: goform/formTest in EmbedThis GoAhead 2↗2025-07-25

▶

OSV

linux, linux-aws, linux-kvm vulnerabilities↗2025-06-04

▶

OSV

linux-aws, linux-lts-xenial vulnerabilities↗2025-06-04

▶

OSV

linux-fips vulnerabilities↗2025-06-04

▶

Suricata

ET WEB_SPECIFIC_APPS EmbedThis GoAhead Embedded Web Server HTML Injection via name Parameter (CVE-2023-53155)↗2025-10-03

▶