GCVE - cpe:2.3:a:naver:lucy-xss-filter:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:naver:lucy-xss-filter:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Naver (`2e3d4894-d5bf-53f1-9aff-80b030ad77c4`)
Product	Lucy Xss Filter (`11d834b4-7a45-5f10-8495-f03e87be47c6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/naver/lucy-xss-filter`	purl2cpe	2026-06-01 10:16:14.667535

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-23769`	vulnerable	2026-06-03 15:16:50.734513	Details available lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files. Published: 2026-01-16T05:23:56.494Z Updated: 2026-01-16T14:05:51.238Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2026-23769.html https://github.com/naver/lucy-xss-filter/pull/32	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-23769`	not_vulnerable	2026-06-03 15:16:50.734375	Details available lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files. Published: 2026-01-16T05:23:56.494Z Updated: 2026-01-16T14:05:51.238Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2026-23769.html https://github.com/naver/lucy-xss-filter/pull/32	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-23768`	vulnerable	2026-06-03 15:16:50.734026	Details available lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension. Published: 2026-01-16T05:20:58.677Z Updated: 2026-01-16T16:01:19.373Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2026-23768.html https://github.com/naver/lucy-xss-filter/pull/31	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-23768`	not_vulnerable	2026-06-03 15:16:50.733875	Details available lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension. Published: 2026-01-16T05:20:58.677Z Updated: 2026-01-16T16:01:19.373Z Open on db.gcve.eu Reference links https://cve.naver.com/detail/cve-2026-23768.html https://github.com/naver/lucy-xss-filter/pull/31	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.