VDB
KO

GO-2026-5804

Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing in github.com/umputun/remark42

Details

Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing in github.com/umputun/remark42

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/umputun/remark42
Introduced in: 1.6.0 Fixed in: 1.16.0
Fix go get github.com/umputun/remark42@v1.16.0

References