CVE-2023-53155
Published 2025-07-25
CVE-2023-53155: goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
Priority: P3 · 42 · high · 7.2 (CVSS 3.1)
AV:N · AC:L · PR:N · UI:N · S:C · C:L · I:L · A:N
EPSS: 0.52% (40.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| embedthis | goahead | — | — |
| linux | linux_kernel | >= 0 < 4.4.0-269.303 | 4.4.0-269.303 |
CVSS provenance
nvd · v3.1 · 7.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
osv · 5.5 MEDIUM
GHSA
GHSA-ggxj-h9gr-4qw5: goform/formTest in EmbedThis GoAhead 2
ghsa_unreviewed·2025-07-25
CVE-2023-53155 [HIGH] CWE-79 GHSA-ggxj-h9gr-4qw5: goform/formTest in EmbedThis GoAhead 2
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
OSV
linux, linux-aws, linux-kvm vulnerabilities
osv·2025-06-04·CVSS 5.5
CVE-2024-42301 linux, linux-aws, linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-56596, CVE-2024-56551, CVE-2023-52458,
CVE-2024-57850, CVE-2024-47701, CVE-2024-53168, CVE-2021-47211,
CVE-2024-53155, CVE-2024-26966, CVE-2021-47353)
OSV
linux-aws, linux-lts-xenial vulnerabilities
osv·2025-06-04·CVSS 5.5
CVE-2024-42301 linux-aws, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-53168, CVE-2024-57850, CVE-2024-47701,
CVE-2021-47211, CVE-2023-52458, CVE-2024-56551, CVE-2024-26966,
CVE-2024-53155, CVE-2024-56596, CVE-2021-47353)
OSV
linux-fips vulnerabilities
osv·2025-06-04·CVSS 5.5
CVE-2024-42301 linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-26966, CVE-2023-52458, CVE-2024-47701,
CVE-2024-53155, CVE-2021-47211, CVE-2024-57850, CVE-2024-56551,
CVE-2021-47353, CVE-2024-56596, CVE-2024-53168)
CISA ICS
Hitachi Energy MSM Product
cisa_ics·2025-10-02·CVSS 7.2
[HIGH] Hitachi Energy MSM Product
ICS Advisory
## Hitachi Energy MSM Product
Release Date: October 02, 2025
Alert Code: ICSA-25-275-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: MSM Product
- Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Reachable Assertion
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow HTML injection via the name parameter or an assertion failure in fuzz_binary_decode, resulting in a crash.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affe
Suricata
ET WEB_SPECIFIC_APPS EmbedThis GoAhead Embedded Web Server HTML Injection via name Parameter (CVE-2023-53155)
suricata·2025-10-03·CVSS 7.2
CVE-2023-53155 [HIGH] ET WEB_SPECIFIC_APPS EmbedThis GoAhead Embedded Web Server HTML Injection via name Parameter (CVE-2023-53155)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS EmbedThis GoAhead Embedded Web Server HTML Injection via name Parameter (CVE-2023-53155)"; flow:established,to_server; http.uri; content:"/goform/formtest|3f|"; fast_pattern; nocase; content:"name|3d|"; pcre:"/^(?:[^\x3c\x26\x25]*?)(?:\x3c|\x26(?:lt|#60|#x3c)\x3b|\x253[cC])(?:(?!\x3e|\x26(?:gt|#62|#x3e)\x3b|\x253[eE]).)+(?:\x3e|\x26(?:gt|#62|#x3e)\x3b|\x253[eE])(?:(?!\x3c|\x26(?:lt|#60|#x3c)\x3b|\x253[cC]).)+(?:\x3c|\x26(?:lt|#60|#x3c)\x3b|\x253[cC])(?:\x2f|\x26(?:sol|#47|#x2f)\x3b|\x2f)(?:(?!\x3e|\x26(?:gt|#62|#x3e)\x3b|\x253[eE]).)+(?:\x3e|\x26(?:gt|#62|#x3e)\x3b|\x253[eE])/R"; reference:url,www.exploit-db.com/
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-25