Filtered by vendor Go Standard Library
Subscriptions
Filtered by product Html/template
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27142 | 1 Go Standard Library | 1 Html/template | 2026-03-10 | 7.5 High |
| Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0. | ||||
Page 1 of 1.