2 matches found
CVE-2025-45286
A cross-site scripting XSS vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
GHSA-528Q-4PGM-WVG2 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from GET parameter. This allows attacker to execute cross site scripts in victims browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...