29 matches found
EUVD-2025-205412
A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...
CVE-2025-15095 postmanlabs httpbin core.py cross site scripting
A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...
httpbin code injection vulnerability
httpbin is an open source HTTP request and response service from Postman Inc. A code injection vulnerability exists in httpbin version 0.6.1 and earlier, which stems from a flaw in the file httpbin-master/httpbin/core.py and could lead to a cross-site scripting attack...
PT-2025-53434
Name of the Vulnerable Software and Affected Versions: postmanlabs httpbin versions up to 0.6.1. Description: A security issue exists in postmanlabs httpbin up to version 0.6.1. The issue involves cross site scripting and affects an unknown function within the httpbin-master/httpbin/core.py file. Th...
GO-2025-3554 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type in github.com/mccutchen/go-httpbin
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type in github.com/mccutchen/go-httpbin...
Cross-site Scripting (XSS)
Overview: github.com/mccutchen/go-httpbin/v2/httpbin is a reasonably complete and well-tested golang port of Kenneth Reitz's httpbin service, with zero dependencies outside the go stdlib. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Response Content-Type...
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description: The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from a GET parameter. This allows an attacker to execute cross-site scripts in the victim's browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...
GHSA-528Q-4PGM-WVG2 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description: The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from a GET parameter. This allows an attacker to execute cross-site scripts in the victim's browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...
Exploit for Authentication Bypass by Spoofing in Apache Apisix
CVE-2022-24112 CVE-2022-24112: Apache APISIX apisix/batch-re...