Filtered by vendor Go Standard Library
Subscriptions
Filtered by product Html/template
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32289 | 2 Go Standard Library, Golang | 2 Html/template, Go | 2026-04-16 | 6.1 Medium |
| Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities. | ||||
| CVE-2026-27142 | 1 Go Standard Library | 1 Html/template | 2026-04-16 | 6.1 Medium |
| Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0. | ||||
Page 1 of 1.