Go · Go · CVE-2026-39823
**Name of the Vulnerable Software and Affected Versions**
The product name cannot be determined (affected versions not specified)
**Description**
URLs are not correctly escaped within the `content` attribute of a `<meta>` tag. If the URL content contains ASCII whitespaces around the `=` rune, the escaper fails to process it correctly, which can lead to Cross-Site Scripting (XSS), a technique where malicious scripts are injected into trusted websites.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.