CVE-2020-24553

Published: Sep 2, 2020
Updated: Apr 14, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-24553" target="_blank" rel="noopener"> CVE-2020-24553
Severity: Medium
Exploit:

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
golang / go	1.15.0	1.15.1
golang / go	-	1.14.8
fedoraproject / fedora	33	33.x
opensuse / leap	15.1	15.1.x
opensuse / leap	15.2	15.2.x
oracle / communications_cloud_native_core_policy	1.5.0	1.5.0.x