Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.15 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

7.3AI score0.00328EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.15 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1534)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1534 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
OSV
OSV
added 2026/03/10 8:44 a.m.3 views

BIT-GOLANG-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References5
OSV
OSV
added 2026/03/06 10:16 p.m.8 views

AZL-79622 CVE-2026-27142 affecting package golang 1.26.0-1

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.6AI score0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/03/06 9:28 p.m.87 views

CVE-2026-27142

CVE-2026-27142 is disclosed as an issue where URLs inserted into the content attribute of HTML meta tags were not escaped, potentially enabling XSS when the meta tag has http-equiv="refresh". Public advisories (ALAS2-2026-3310, ALAS2-2026-3313, ALAS2-2026-3311, ALAS2023-2026-1771, etc.) link this...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/06 9:28 p.m.2 views

CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.7AI score0.00328EPSS
Exploits0
Rows per page
Query Builder