exploitDog

CVE-2025-45286

Опубликовано: 02 янв. 2026

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Ссылки

https://github.com/advisories/GHSA-528q-4pgm-wvg2
Third Party Advisory
Patch
https://github.com/mccutchen/go-httpbin/security/advisories/GHSA-528q-4pgm-wvg2
Vendor Advisory
https://github.com/mccutchen/go-httpbin/security/advisories/GHSA-528q-4pgm-wvg2
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:httpbingo:go-httpbin:*:*:*:*:*:go:*:*

Версия до 2.18.0 (исключая)

EPSS

Процентиль: 10%

0.00035

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-80

Связанные уязвимости

GHSA-528q-4pgm-wvg2

github

11 месяцев назад

Reflected XSS in go-httpbin due to unrestricted client control over Content-Type

EPSS

Процентиль: 10%

0.00035

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-80