Name of the Vulnerable Software and Affected Versions net/http/cgi and net/http/fcgi packages (affected versions not specified)

Description The issue arises when a Handler does not explicitly set the Content-Type header, causing the net/http/cgi and net/http/fcgi packages to default to "text/html". This can lead to a Cross-Site Scripting issue if an attacker can control any part of the response contents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.