Vulnerabilities

[RT-SA-2020-004] Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting

September 2, 2020

Posted by RedTeam Pentesting GmbH on Sep 02

Advisory: Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting

The CGI and FastCGI implementations in the Go standard library behave
differently from the HTTP server implementation when serving content.
In contrast to the documented behavior, they may return non-HTML data as
HTML. This may lead to cross-site scripting vulnerabilities even if
uploaded data has been validated during upload.

Details
=======…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

CISA

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

November 24, 2024

CISA

CISA: CISA Releases Four Industrial Control Systems Advisories

November 24, 2024

CISA

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

November 24, 2024

CISA

CISA: CISA Releases Three Industrial Control Systems Advisories

November 24, 2024

CISA

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

November 24, 2024

Original Source

You may have missed

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments