10 matches found
CVE-2026-43644
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
podinfo: cross-site scripting vulnerability in the /echo and /api/echo endpoints
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
CVE-2026-43644
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
EUVD-2026-30275
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
CVE-2026-43644
CVE-2026-43644 affects podinfo up to version 6.11.2. The vulnerability is a reflected XSS in the /echo and /api/echo endpoints, caused by the echoHandler writing the request body to the response without setting explicit Content-Type or X-Content-Type-Options headers. Go’s content-type detection m...
CVE-2026-43644
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
CVE-2026-43644 podinfo 6.11.2 Reflected XSS via /echo Endpoint
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...
podinfo 跨站脚本漏洞
Podinfo is a Kubernetes microservice template developed by Stefan Prodan. Versions of Podinfo 6.11.2 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the echoHandler did not set a clear Content-Type or X-Content-Type-Options header on the...
PT-2026-40911
Name of the Vulnerable Software and Affected Versions podinfo versions prior to 6.11.3 Description A reflected cross-site scripting issue exists in the '/echo' and '/api/echo' endpoints. The echoHandler function writes request body content directly to the response without setting explicit...