PatchSiren

Stefanprodan CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM | Stefanprodan CVE | published 2026-05-14

CVE-2026-43644

A reflected cross-site scripting (XSS) vulnerability exists in Podinfo through version 6.11.2, specifically affecting the `/echo` and `/api/echo` endpoints. The `echoHandler` function writes request body content directly to the HTTP response without explicitly setting `Content-Type` or `X-Content-Type-Options` headers. Due to Go's automatic content type detection, attacker-supplied script payloads in requ [truncated]