{"id":"GO-2026-4818","summary":"Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting in github.com/authelia/authelia","details":"Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting in github.com/authelia/authelia","aliases":["CVE-2026-33525","GHSA-gmfg-3v4q-9qr4"],"modified":"2026-03-26T21:03:53.896881Z","published":"2026-03-26T20:33:02Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-4818","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/authelia/authelia/security/advisories/GHSA-gmfg-3v4q-9qr4"}],"affected":[{"package":{"name":"github.com/authelia/authelia","ecosystem":"Go","purl":"pkg:golang/github.com/authelia/authelia"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4818.json"}},{"package":{"name":"github.com/authelia/authelia/v4","ecosystem":"Go","purl":"pkg:golang/github.com/authelia/authelia/v4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"4.39.15"},{"fixed":"4.39.16"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4818.json"}}],"schema_version":"1.7.5"}