[RT-SA-2020-004] Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting

Posted by RedTeam Pentesting GmbH on Sep 02

Advisory: Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting

The CGI and FastCGI implementations in the Go standard library behave
differently from the HTTP server implementation when serving content.
In contrast to the documented behavior, they may return non-HTML data as
HTML. This may lead to cross-site scripting vulnerabilities even if
uploaded data has been validated during upload.
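
A transport-independent mitigation, as an added example (not code from the advisory or the Go project): per the `http.ResponseWriter` documentation, `Write` fills in a missing Content-Type via `http.DetectContentType`, so the wrapper below makes that same decision inside the handler chain and adds `nosniff`. It assumes the handler left Content-Type unset; `typedWriter`, `ExplicitType` and `sample` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// typedWriter fixes Content-Type in the handler chain, not in the transport.
type typedWriter struct {
	http.ResponseWriter
	done bool
}

func (t *typedWriter) prepare(body []byte) {
	if t.done {
		return
	}
	t.done = true
	h := t.Header()
	if _, set := h["Content-Type"]; !set {
		h.Set("Content-Type", http.DetectContentType(body)) // empty body sniffs as text/plain
	}
	h.Set("X-Content-Type-Options", "nosniff")
}

func (t *typedWriter) WriteHeader(code int) {
	t.prepare(nil)
	t.ResponseWriter.WriteHeader(code)
}

func (t *typedWriter) Write(b []byte) (int, error) {
	t.prepare(b)
	return t.ResponseWriter.Write(b)
}

// ExplicitType wraps a handler so every response carries an explicit type.
func ExplicitType(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&typedWriter{ResponseWriter: w}, r)
	})
}

var sample = []byte("\x89PNG\r\n\x1a\n<b>constructed</b>") // constructed: PNG signature + markup

func main() {
	h := ExplicitType(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write(sample) }))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	fmt.Println(rec.Header().Get("Content-Type"))
}
```

The wrapped handler can be passed unchanged to `http.ListenAndServe`, `cgi.Serve` or `fcgi.Serve`. Sniffing only identifies the type; user-supplied content that really is HTML still needs its own handling.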

Details
=======…
