14 matches found
BIT-GOLANG-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
PT-2026-32424
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
CVE-2026-32289
A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...
CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
DEBIAN-CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
UBUNTU-CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
EUVD-2026-20018
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
CVE-2026-32289
CVE-2026-32289 is a documented issue where html/template failed to correctly track JS template literal context, risking improper escaping and potential XSS. Portable across Go toolchains, it was addressed by the Go project in updates to go1.25.9 and go1.26.2, and these fixes are reflected in SUSE...
CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
Cross-site Scripting (XSS)
Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Cross-site Scripting XSS. Go Vulnerability Report: Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect...
GO-2026-4865 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
PT-2026-31066
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description Improper tracking of context across template branches within JavaScript template literals could lead to incorrect content escaping when branches are used. Additionally, template actions inside these literals d...