Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/11 9:47 p.m.41 views

CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation

Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...

5.3CVSS0.00212EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/05 8:13 p.m.15 views

Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

6.1CVSS6AI score0.00212EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/05/05 8:13 p.m.6 views

GHSA-QJV7-627W-8QJV Fiber vulnerable to XSS in AutoFormat Content Negotiation

Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...

5.3CVSS6AI score0.00212EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/05 8:13 p.m.7 views

Cross-site Scripting (XSS)

Overview github.com/gofiber/fiber is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the AutoFormat process. An attacker can inject arbitrary HTML or JavaScript by supplying a crafted Accept: text/html header and...

6.1CVSS6AI score0.00212EPSS
Exploits1References2
Rows per page
Query Builder