5 matches found
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
...
CVE-2026-42506
CVE-2026-42506 affects the Go ecosystem, specifically parsing in golang.org/x/net/html. The root cause is "invoking incorrect handling of namespaced elements in foreign content" which can produce an unexpected HTML tree during rendering. This can enable XSS in applications that sanitize input HTM...
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
GO-2026-5025 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...