CVE-2026-23768

Medium CVSS: 6.1

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension.

Vendor

Naver

Product

Lucy-xss-filter

CWE

CWE-918

Yayın Tarihi

2026-01-16 06:15:51

Güncelleme

2026-01-23 17:26:59

Source Identifier

cve@navercorp.com

KEV Date Added

Kategoriler

CWE-918 Lucy-xss-filter MEDIUM Naver 2026

Referanslar

https://cve.naver.com/detail/cve-2026-23768.html https://github.com/naver/lucy-xss-filter/pull/31

Benzer Kayıtlar

Medium

CVE-2026-1513

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart…

Medium

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization ca…

Critical

CVE-2025-49223

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow…