CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

Misskey 安全漏洞

Misskey is a perpetually free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey versions prior to 12.0.0 through 2025.4.1, which stems from insufficient validation of UrlPreviewService and MkUrlPreview, and could lead to CSS injectio...