9 matches found
Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references. Original Description A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scrip...
GHSA-P4F6-H8JJ-VFVF Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references. Original Description A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scrip...
EUVD-2026-0035
Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type...
EUVD-2025-7205
A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
go-httpbin security vulnerability
go-httpbin is a port framework by Will McCutchen, an individual developer. A security vulnerability exists in go-httpbin version v2.17.1, which stems from vulnerability to cross-site scripting attacks...
GO-2025-3554 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type in github.com/mccutchen/go-httpbin
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type in github.com/mccutchen/go-httpbin...
Cross-site Scripting (XSS)
Overview github.com/mccutchen/go-httpbin/v2/httpbin is a reasonably complete and well-tested golang port of Kenneth Reitz's httpbin service, with zero dependencies outside the go stdlib. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Response Content-Type...
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from a GET parameter. This allows an attacker to execute cross-site scripts in the victim's browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...
GHSA-528Q-4PGM-WVG2 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from a GET parameter. This allows an attacker to execute cross-site scripts in the victim's browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...