11 matches found
golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting
A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...
golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass
A flaw was found in golang.org/x/net/html. When arbitrary HTML is parsed and then rendered, it can result in an unexpected HTML tree. This allows an attacker to bypass HTML sanitization mechanisms, leading to Cross-Site Scripting XSS attacks in applications. Such attacks can result in information...
CVE-2026-42502
Summary of CVE-2026-42502 : The vulnerability concerns the Go project’s HTML parsing in the package golang.org/x/net/html. The root cause is an incorrect handling of HTML elements in foreign content during parsing, which can produce an unexpected HTML tree when rendering with Render. This behavio...
GO-2026-5030 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
AZL-76851 CVE-2025-58190 affecting package cri-tools for versions less than 1.29.0-9
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77102 CVE-2025-58190 affecting package telegraf 1.31.0-12
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77019 CVE-2025-47911 affecting package kubevirt 1.6.3-3
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-77079 CVE-2025-47911 affecting package terraform for versions less than 1.3.2-29
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
DEBIAN-CVE-2025-47911
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
GO-2026-4441 Infinite parsing loop in golang.org/x/net
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...