CVE-2026-39826

CVE-2026-39826 corresponds to an escaper bypass in Go’s html/template that can allow data inside a [removed] block to be incorrectly escaped if a trusted template author uses a [removed] tag with an empty or whitespace-only type attribute. This is described across multiple feeds (NVD, EUVD, Debia...

CVE-2026-39826 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

GO-2026-4980 Escaper bypass leads to XSS in html/template

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

CVE-2026-6002 HTML Injection in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

PT-2026-38567

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists where a trusted template author can include a tag with an empty type attribute or a type attribute containing ASCII whitespace. This causes the...

www/gohugo -- CWE-79: XSS vulnerabilities

https://go.dev/issue/78913 reports: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when the script tag contains an empty type attribute or a type attribute containing an...

GHSA-F5P7-2C9Q-8896 phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTERSANITIZESPECIALCHARS which HTML-encodes input, then immediately call htmlentitydecode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes — not tags. This allows , , , and tags to...

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

CVE-2026-41067

Summary: CVE-2026-41067 affects Astro’s SSR pipeline, where defineScriptVars sanitizes inline script values using a case-sensitive //g regex. This fails to match closing script tags when payloads use case variants (e.g., ), whitespace before &gt; (), or self-closing forms (), allowing injected HT...

BIT-PYTHON-MIN-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

Linux Distros Unpatched Vulnerability : CVE-2026-6019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence...

DEBIAN-CVE-2026-6019

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

Cross-site Scripting (XSS)

Overview @marko/runtime-tags is an Optimized runtime for Marko templates. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of interpolated values within or tags due to improper case-insensitive detection of closing tags. An attacker can execute arbitrar...

Cross-site Scripting (XSS)

Overview marko is an UI Components + streaming, async, high performance, HTML templating for Node.js and the browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of interpolated values within or tags due to improper case-insensitive detection of...

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVE-2026-6019

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

PT-2026-34549

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The js output function in http.cookies.Morsel returns an inline snippet that only escapes double quotes for JavaScript string context. It fails to neutralize the HTML parser-sensitive sequence...