[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-39823":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T08:55:34.825Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":58,"related":59,"reserved_at":9,"published_at":64,"modified_at":65,"state":66,"summary":67,"references_raw":76,"kevs":102,"epss":103,"epss_history":106,"metrics":188,"affected":196},"CVE-2026-39823","CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003Cmeta> tag's \u003Ccontent> attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003Ccontent> attribute, the escaper would fail to similarly escape it, leading to XSS.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47],"GO-2026-4982","BIT-golang-2026-39823",[],[50,52,54,56],{"_key":51},"OPENSUSE-SU-2026:10723-1",{"_key":53},"OPENSUSE-SU-2026:10741-1",{"_key":55},"DEBIAN-CVE-2026-39823",{"_key":57},"UBUNTU-CVE-2026-39823",[],[60,61,62],{"_key":51},{"_key":53},{"_key":63},"CGA-X3R8-CGG4-9Q3G","2026-05-07T19:41:19.524Z","2026-05-08T14:05:55.152Z","Analyzed",{"cisa_kev":68,"cisa_ransomware":68,"cisa_vendor":9,"epss_severity":69,"epss_score":70,"severity":71,"severity_score":72,"severity_version":73,"severity_source":74,"severity_vector":75,"severity_status":66},false,"low",0.0001,"medium",6.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[77,85,91,97],{"url":78,"sources":79,"tags":82},"https://go.dev/issue/78913",[74,80,81],"nvd","osv_go",[83,84],"REPORT","Issue Tracking",{"url":86,"sources":87,"tags":88},"https://go.dev/cl/769920",[74,80,81],[89,90],"FIX","Patch",{"url":92,"sources":93,"tags":94},"https://groups.google.com/g/golang-announce/c/qcCIEXso47M",[74,80,81],[95,96],"WEB","Release Notes",{"url":98,"sources":99,"tags":100},"https://pkg.go.dev/vuln/GO-2026-4982",[74,80],[101],"Vendor Advisory",[],{"date":104,"score":70,"percentile":105},"2026-06-05",0.01246,[107,111,115,118,121,124,128,131,134,137,140,143,146,149,152,155,157,160,162,164,167,170,173,175,178,181,183,185,187],{"date":108,"score":109,"percentile":110},"2026-05-08",0.00011,0.01489,{"date":112,"score":113,"percentile":114},"2026-05-09",0.00013,0.02192,{"date":116,"score":113,"percentile":117},"2026-05-10",0.0219,{"date":119,"score":113,"percentile":120},"2026-05-11",0.02191,{"date":122,"score":113,"percentile":123},"2026-05-12",0.02175,{"date":125,"score":126,"percentile":127},"2026-05-13",0.00014,0.02818,{"date":129,"score":70,"percentile":130},"2026-05-14",0.01188,{"date":132,"score":70,"percentile":133},"2026-05-15",0.01186,{"date":135,"score":70,"percentile":136},"2026-05-16",0.0118,{"date":138,"score":70,"percentile":139},"2026-05-17",0.01178,{"date":141,"score":70,"percentile":142},"2026-05-18",0.01174,{"date":144,"score":70,"percentile":145},"2026-05-19",0.0117,{"date":147,"score":70,"percentile":148},"2026-05-20",0.01162,{"date":150,"score":70,"percentile":151},"2026-05-21",0.01157,{"date":153,"score":70,"percentile":154},"2026-05-22",0.01232,{"date":156,"score":70,"percentile":154},"2026-05-23",{"date":158,"score":70,"percentile":159},"2026-05-24",0.01234,{"date":161,"score":70,"percentile":159},"2026-05-25",{"date":163,"score":70,"percentile":154},"2026-05-26",{"date":165,"score":70,"percentile":166},"2026-05-27",0.01242,{"date":168,"score":70,"percentile":169},"2026-05-28",0.01237,{"date":171,"score":70,"percentile":172},"2026-05-29",0.01243,{"date":174,"score":70,"percentile":166},"2026-05-30",{"date":176,"score":70,"percentile":177},"2026-05-31",0.01244,{"date":179,"score":70,"percentile":180},"2026-06-01",0.01236,{"date":182,"score":70,"percentile":166},"2026-06-02",{"date":184,"score":70,"percentile":169},"2026-06-03",{"date":186,"score":70,"percentile":169},"2026-06-04",{"date":104,"score":70,"percentile":105},[189,194],{"source":74,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":190,"cvss_v4_0":9},{"baseScore":72,"baseSeverity":191,"vectorString":75,"impactScore":192,"exploitabilityScore":193},"MEDIUM",4.5,7.2,{"source":80,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":195,"cvss_v4_0":9},{"baseScore":72,"baseSeverity":191,"vectorString":75,"impactScore":192,"exploitabilityScore":193},[197,212,222],{"ecosystem":9,"name":198,"vendor":199,"product":198,"cpe_part":200,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":201},"html/template","go standard library","a",[202,207],{"version":203,"is_range":204,"range_type":74,"version_start":9,"version_start_type":9,"version_end":205,"version_end_type":206,"fixed_in":9},"\u003C 1.25.10",true,"1.25.10","excluding",{"version":208,"is_range":204,"range_type":74,"version_start":209,"version_start_type":210,"version_end":211,"version_end_type":206,"fixed_in":9},">= 1.26.0-0, \u003C 1.26.3","1.26.0-0","including","1.26.3",{"ecosystem":9,"name":213,"vendor":214,"product":213,"cpe_part":200,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":215},"go","golang",[216,219],{"version":217,"is_range":204,"range_type":218,"version_start":9,"version_start_type":9,"version_end":205,"version_end_type":206,"fixed_in":9},"lt1.25.10","cpe",{"version":220,"is_range":204,"range_type":218,"version_start":221,"version_start_type":210,"version_end":211,"version_end_type":206,"fixed_in":9},"gte1.26.0_lt1.26.3","1.26.0",{"ecosystem":223,"name":224,"vendor":223,"product":224,"cpe_part":9,"purl_type":214,"purl_namespace":9,"purl_name":224,"source":9,"versions":225},"Go","stdlib",[226],{"version":227,"is_range":204,"range_type":228,"version_start":209,"version_start_type":210,"version_end":211,"version_end_type":206,"fixed_in":9},"gte1_26_0_0_lt1_26_3","semver"]