{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-39823/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":6.1,"id":"CVE-2026-39823"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["html/template"],"_cs_severities":["high"],"_cs_tags":["xss","cve-2026-39823","web application"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-39823 is a security vulnerability affecting the html/template component in Microsoft products. The vulnerability arises from a failure to properly escape URLs within the meta content attribute, leading to a potential cross-site scripting (XSS) attack. An attacker could exploit this vulnerability to inject malicious scripts into web pages rendered using the vulnerable html/template component. Successful exploitation could allow the attacker to execute arbitrary code in the context of the user\u0026rsquo;s browser, potentially leading to data theft, session hijacking, or other malicious activities. This vulnerability impacts web applications utilizing the affected Microsoft html/template component, requiring immediate attention from security teams to mitigate the risk of exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a web application using the vulnerable Microsoft html/template component.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing a payload designed to exploit the meta content URL escaping bypass.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the crafted URL into a user-controlled input field or parameter that is processed by the vulnerable html/template.\u003c/li\u003e\n\u003cli\u003eThe web application renders the template, including the attacker-controlled URL within a meta tag\u0026rsquo;s content attribute.\u003c/li\u003e\n\u003cli\u003eDue to the insufficient escaping, the injected script is executed in the user\u0026rsquo;s browser when the page is loaded.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s script gains access to the user\u0026rsquo;s cookies, session tokens, or other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker may redirect the user to a malicious website or perform actions on their behalf.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-39823 allows an attacker to execute arbitrary JavaScript code in the context of the victim\u0026rsquo;s browser. This can lead to session hijacking, defacement of web pages, or redirection of users to malicious sites. The vulnerability affects any web application that uses the vulnerable version of Microsoft\u0026rsquo;s html/template component. The number of potential victims is dependent on the usage and exposure of the affected web applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to patch CVE-2026-39823 in the html/template component (reference: \u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39823\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39823\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-39823 Exploitation Attempt via Meta Tag Injection\u0026rdquo; to identify potential exploitation attempts within web server logs.\u003c/li\u003e\n\u003cli\u003eImplement input validation and output encoding mechanisms to prevent XSS vulnerabilities in web applications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T07:07:29Z","date_published":"2026-05-10T07:07:29Z","id":"/briefs/2024-05-cve-2026-39823-xss/","summary":"CVE-2026-39823 is a cross-site scripting (XSS) vulnerability in Microsoft's html/template component caused by a bypass of meta content URL escaping, potentially allowing an attacker to inject malicious scripts into web pages.","title":"CVE-2026-39823: Microsoft html/template XSS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-05-cve-2026-39823-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-39823","version":"https://jsonfeed.org/version/1.1"}