6 matches found
CVE-2026-43897
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...
CVE-2026-43897
Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...
CVE-2026-43897
CVE-2026-43897 affects the link-preview-js library. Prior to version 4.0.1, it did not validate IPv6 loopback addresses and could also resolve certain addresses to internal IPs via DNS, enabling potential internal data leaks when extracting link information. The vulnerability is fixed in version ...
CVE-2025-61637
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...
CVE-2025-52902
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting XSS. Any JavaScript code that is part of a...
Link Preview JS 代码问题漏洞
Link Preview JS is a tool for extracting web link information. A security vulnerability exists in Link Preview JS prior to version 2.1.16, which stems from flawed DNS rebinding protection...