15 matches found
CVE-2026-42554
CVE-2026-42554 describes an XSS in Fiber’s AutoFormat content negotiation. Affected: GoFiber/v3 up to 3.1.0 and GoFiber/v2 up to 2.52.12. Root cause: the html branch of AutoFormat can emit raw, attacker-influenced data wrapped in HTML when the client sends Accept: text/html, enabling injection of...
CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation
Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, a Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...
CVE-2026-42554 Fiber: XSS in AutoFormat Content Negotiation
Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, a Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. The...
Fiber vulnerable to XSS in AutoFormat Content Negotiation
Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...
GHSA-QJV7-627W-8QJV Fiber vulnerable to XSS in AutoFormat Content Negotiation
Summary Description A Cross-Site Scripting CWE-79 vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes attacker-influenced data to the AutoFormat feature. This affects github.com/gofiber/fiber/v3...
Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor
CVE-2023-45612 PoC This repository contains a proof of concep...
Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor
Ktor XML XXE Vulnerability Reproduction CVE-2023-45612 Re...
Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor
CVE-2023-45612 - https://nvd.nist.gov/vuln/detail/CVE-2023-456...
Special Element Injection
curl is vulnerable to Special Element Injection. The library allows users to pass on user name and telnet options to the server without proper input scrubbing, allowing them to pass on content or do option negotiation without the application intending to do so...
DEBIAN-CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
The browser cache is Vary broken
Jake, why are your blog posts always so depressing? -- Domenic Denicola @domenic Well, I wouldn't want to disappoint… TL;DR If you use "Vary" to negotiate content, the responses will fight for the same cache space. Additionally, IE ignores "max-age" and Safari is buggy. Content negotiation using...
content_negotiation
This plugin uses HTTP content negotiation to find new resources. The plugin has three distinctive phases: Identify if the web server has content negotiation enabled. For every resource found by any other plugin, perform a request to find new related resources. For example, if another plugin finds...
Apache mod_negotiation Xss and Http Response Splitting
Apache mod_negotiation Xss and Http Response Splitting Date: January 22th, 2008 Tested Versions: Apache =1.3.39 = 2.0.61 = 2.2.6 Minded Security ReferenceID: MSA01150108 Credits: Discovery by Stefano Di Paola of Minded Security stefano.dipaola at mindedsecurity.com Severity: Low/Medium Permalink:...
Apache 1.3 - Directory Index Disclosure
Apache 1.3 - Directory Index Disclosure source: https://www.securityfocus.com/bid/3009/info A possible vulnerability exists in Apache that could cause directory contents to be disclosed when directory indexing is enabled, despite the presence of an 'index.html' file. The problem is likely the...
Apache 1.3 - Directory Index Disclosure
source: https://www.securityfocus.com/bid/3009/info A possible vulnerability exists in Apache that could cause directory contents to be disclosed when directory indexing is enabled, despite the presence of an 'index.html' file. The problem is likely the result of an error in "multiview"...