Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2.8
-
-
2.8
-
-
-
-
BIT-2020-24553
-
BIT-golang-2020-24553
-
2.8
2.8
-
-
-