33 matches found
xss-protector
Lucy XSS Filter for Spring Boot. A powerful, Naver Lucy XSS Filter-based...
CVE-2026-23768
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
CVE-2026-23769
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...
CVE-2026-23769
CVE-2026-23769 affects lucy-xss-filter. The issue arises from improper sanitization due to misconfigured default superset rule files, enabling an attacker to execute malicious JavaScript. The noted vulnerable state involves versions prior to commit e5826c0. Red Hat and other sources confirm impac...
CVE-2026-23768
CVE-2026-23768 concerns the Lucy-XSS-Filter project. The vulnerability exists in the code path prior to commit 7c1de6d and allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener options are enabled and an embed or object t...
CVE-2021-28132
LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool in the Support section allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI...
EUVD-2009-4584
Malware in sbrugna...
HCL Technologies HCL DRYiCE Optibot Reset Station security vulnerability
HCL Technologies HCL DRYiCE Lucy is an AI-powered virtual assistant from HCL Technologies, USA. A security vulnerability exists in the HCL Technologies HCL DRYiCE Optibot Reset Station that stems from being affected by insecure encryption with a one-time password OTP...
HCL Technologies HCL DRYiCE Optibot Reset Station security vulnerability
HCL Technologies HCL DRYiCE Lucy is an AI-powered virtual assistant from HCL Technologies, USA. A security vulnerability exists in the HCL Technologies HCL DRYiCE Optibot Reset Station, which stems from being affected by insecure encryption for security issues...
CVE-2023-37526
HCL DRYiCE Lucy now AEX is affected by a Cross Origin Resource Sharing CORS vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks...
HCL DRYiCE Lucy security vulnerability
HCL Technologies HCL DRYiCE Lucy is an AI-powered virtual assistant from HCL Technologies, USA. A security vulnerability exists in HCL DRYiCE Lucy that stems from vulnerability to CORS misconfiguration...
CVE-2023-37526 HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability
HCL DRYiCE Lucy now AEX is affected by a Cross Origin Resource Sharing CORS vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks...
CVE-2023-37526
The CVE-2023-37526 entry concerns HCL DRYiCE Lucy (now AEX). A CORS misconfiguration in the mobile app could allow unauthorized access to application resources from any web domain and enable cache poisoning, per sources in NVD/CVE records. The root cause is a CORS misconfiguration in the app, wit...
PT-2024-12630 · Hcl · Hcl Dryice Lucy
Name of the Vulnerable Software and Affected Versions: HCL DRYiCE Lucy now AEX affected versions not specified Description: The issue is related to a Cross Origin Resource Sharing CORS misconfiguration in the mobile app, which could allow unauthorized access to application resources from any web...
WordPress Advanced WP Columns plugin <= 2.0.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by lucy in the WordPress Advanced WP Columns plugin versions <= 2.0.6. Solution Deactivate and delete. This plugin has been closed as of November 7, 2022 and is not available for download. This closure is temporary, pending a full revi...
WordPress WP Word Count plugin <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by lucy in the WordPress WP Word Count plugin versions <= 3.2.3. Solution Deactivate and delete. This plugin has been closed as of October 6, 2022 and is not available for download. This closure is temporary, pending a full...