CNNVD-202601-2812 Information

CNNVD ID

CNNVD-202601-2812

CVE-2026-23768

  • CNNVD Published: 2026-01-16

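Description (translated from Chinese)

Lucy-XSS is an open-source cross-site scripting (XSS) protection library from NAVER. Lucy-XSS contains a security vulnerability: when the ObjectSecurityListener or EmbedSecurityListener option is enabled, a src attribute that lacks a file extension may cause a server-side HEAD request.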

Description (English)

Lucy-XSS is a cross-site scripting (XSS) protection library open-sourced by NAVER. Lucy-XSS has a security vulnerability that arises when the ObjectSecurityListener or EmbedSecurityListener option is enabled and a src attribute has no file extension, which may lead to a server-side HEAD request.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

NAVER

Published

2026-01-16

Last Modified

2026-02-24

References

https://cve.naver.com/detail/cve-2026-23768.html

https://github.com/naver/lucy-xss-filter/pull/31
