Lucy Xss Filter

lucy-xss-filter

Vendor: Naver • 2 CVEs

CVEs (2)

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

1Naver

1Lucy Xss Filter

Jan 23, 2026

Jan 16, 2026

N/A· v4

6.1 MEDIUM· v3

N/A· v2

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.

1Naver

1Lucy Xss Filter

Jan 23, 2026

Jan 16, 2026

N/A· v4

6.1 MEDIUM· v3

N/A· v2

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used...Show more

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension.Show less