Xss

🟠 High | Source: Microsoft Security Response Center CVE-2026-27136 is a Cross-Site Scripting (XSS) vulnerability in the Go standard library package golang.org/x/net/html, triggered by invoking duplicate HTML attributes during parsing. An attacker able to influence HTML content processed by an affected Go application could inject malicious scripts into users’ browsers. This is particularly relevant to cloud-hosted Go applications and services built on Azure that rely on this library for HTML handling. ...

🟠 High | Source: Microsoft Security Response Center CVE-2026-42506 is a vulnerability in the golang.org/x/net/html package where namespaced elements in foreign content (such as SVG or MathML within HTML) are handled incorrectly, potentially allowing malformed input to bypass parsing expectations. This could be exploited to conduct cross-site scripting (XSS) or HTML injection attacks in applications that rely on this Go library for HTML parsing or sanitisation. It is particularly relevant to Azure-hosted Go applications and services that process user-supplied HTML content. ...