Lucy Xss Filter
Monthly
lucy-xss-filter before commit e5826c0 contains a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in users' browsers through improper input sanitization caused by misconfigured default filter rules. The vulnerability requires user interaction to trigger and affects the confidentiality and integrity of web applications relying on this filter. A patch is available to address the misconfigured rule set.
Lucy XSS Filter with ObjectSecurityListener or EmbedSecurityListener enabled is vulnerable to server-side request forgery (SSRF) via malformed embed or object tags lacking file extensions in src attributes, allowing remote attackers to trigger arbitrary HEAD requests to internal or external URLs. Public exploit code exists for this vulnerability, and no patch is currently available.
lucy-xss-filter before commit e5826c0 contains a cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in users' browsers through improper input sanitization caused by misconfigured default filter rules. The vulnerability requires user interaction to trigger and affects the confidentiality and integrity of web applications relying on this filter. A patch is available to address the misconfigured rule set.
Lucy XSS Filter with ObjectSecurityListener or EmbedSecurityListener enabled is vulnerable to server-side request forgery (SSRF) via malformed embed or object tags lacking file extensions in src attributes, allowing remote attackers to trigger arbitrary HEAD requests to internal or external URLs. Public exploit code exists for this vulnerability, and no patch is currently available.