GHSA-p4f6-h8jj-vfvf: Duplicate Advisory: Reflected XSS in go-httpbin due to unrestricted client control over Content-Type

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-528q-4pgm-wvg2. This link is maintained to preserve external references.

Original Description

A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Low severity • GitHub Reviewed • Published Jan 2, 2026 to the GitHub Advisory Database • Updated Jan 2, 2026

Withdrawn: This advisory was withdrawn on Jan 2, 2026

Package

gomod github.com/mccutchen/go-httpbin (Go)

Affected versions

<= 1.1.1

gomod github.com/mccutchen/go-httpbin/v2 (Go)

Published by the National Vulnerability Database

Jan 2, 2026

Published to the GitHub Advisory Database

Jan 2, 2026