inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.","datePublished":"2026-04-22T20:16:42.617","license":"https://creativecommons.org/publicdomain/zero/1.0/","dcterms:source":"https://nvd.nist.gov/vuln/detail/CVE-2026-6019","prov:wasDerivedFrom":["https://nvd.nist.gov/vuln/detail/CVE-2026-6019"],"publisher":{"@type":"Organization","@id":"https://api.ai-analytics.org/#org","name":"AI Analytics","url":"https://api.ai-analytics.org"},"sourceOrganization":{"@type":"GovernmentOrganization","name":"NIST National Vulnerability Database","url":"https://nvd.nist.gov/"},"mainEntity":{"@type":"Thing","identifier":"CVE-2026-6019","additionalType":"Vulnerability"},"keywords":["CWE-150"]}
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.