Количество 15
Количество 15
CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
CVE-2026-27142
URLs in meta content attribute actions are not escaped in html/template
CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags ...
GHSA-j4j7-vw47-rhfq
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
BDU:2026-04129
Уязвимость модуля html/template языка программирования Go, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)
ROS-20260327-73-0015
Уязвимость golang
SUSE-SU-2026:0875-1
Security update for go1.25
openSUSE-SU-2026:20342-1
Security update for go1.26
SUSE-SU-2026:0993-1
Security update for go1.26-openssl
SUSE-SU-2026:0977-1
Security update for go1.25-openssl
SUSE-SU-2026:0976-1
Security update for go1.26-openssl
SUSE-SU-2026:0947-1
Security update for go1.25-openssl
SUSE-SU-2026:0876-1
Security update for go1.26
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-27142 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0. | CVSS3: 6.1 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-27142 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0. | CVSS3: 5.4 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-27142 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0. | CVSS3: 6.1 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template | 0% Низкий | 24 дня назад | |
| CVE-2026-27142 Actions which insert URLs into the content attribute of HTML meta tags ... | CVSS3: 6.1 | 0% Низкий | около 1 месяца назад |
| GHSA-j4j7-vw47-rhfq Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
 | BDU:2026-04129 Уязвимость модуля html/template языка программирования Go, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS) | CVSS3: 6.1 | 0% Низкий | около 1 месяца назад |
 | ROS-20260327-73-0015 Уязвимость golang | CVSS3: 6.1 | 0% Низкий | 14 дней назад |
 | SUSE-SU-2026:0875-1 Security update for go1.25 | 29 дней назад | ||
| openSUSE-SU-2026:20342-1 Security update for go1.26 | 30 дней назад | ||
| SUSE-SU-2026:0993-1 Security update for go1.26-openssl | 17 дней назад | ||
| SUSE-SU-2026:0977-1 Security update for go1.25-openssl | 18 дней назад | ||
| SUSE-SU-2026:0976-1 Security update for go1.26-openssl | 18 дней назад | ||
| SUSE-SU-2026:0947-1 Security update for go1.25-openssl | 21 день назад | ||
| SUSE-SU-2026:0876-1 Security update for go1.26 | 29 дней назад |
Уязвимостей на страницу