Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from GET parameter. This allows attacker to execute cross site scripts in victims browser.