GHSA-528Q-4PGM-WVG2 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from GET parameter. This allows attacker to execute cross site scripts in victims browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...