exploitDog

GHSA-xp26-p53h-6h2p

Published: 13 May 2022
Source: github
GitHub: reviewed
CVSS4: 5.3
CVSS3: 6.1

Description

Improper Neutralization of Input During Web Page Generation in LXML

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.
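The bypass class the description refers to, shown as an added illustration (this is not lxml's own clean.py code): a cleaner that matches the string `javascript:` literally misses the scheme once whitespace, control characters, percent-encoding or HTML character references are inserted into it, because the browser discards or decodes those before resolving the URL. The normalization steps below are an assumption about what a hardened check has to do, the scheme list is illustrative, and the sample attribute values are constructed.

```python
import html
import re
from urllib.parse import unquote_plus

# Schemes a browser may execute as script. Illustrative list for this
# example, not lxml's own.
SCRIPT_SCHEMES = frozenset({"javascript", "jscript", "livescript", "vbscript"})

# ASCII whitespace plus C0 control characters. Legacy browsers (the advisory
# cites Internet Explorer) dropped these inside a URL scheme, so
# "j a v a s c r i p t:" still executed.
_JUNK_RE = re.compile(r"[\s\x00-\x1f]+")


def naive_is_script_url(value: str) -> bool:
    """A literal check of the kind this bug bypasses: only an exact
    'javascript:' prefix (case-insensitive, outer whitespace trimmed) is caught."""
    return value.strip().lower().startswith("javascript:")


def normalize_url(value: str) -> str:
    """Undo the escaping layers an attacker can insert before the scheme is
    compared: HTML character references, percent-encoding, and
    whitespace/control characters anywhere in the string."""
    decoded = html.unescape(value)            # &#106;avascript: -> javascript:
    decoded = unquote_plus(decoded)           # java%09script:   -> java\tscript:
    return _JUNK_RE.sub("", decoded).lower()  # j a v a\tscript: -> javascript:


def hardened_is_script_url(value: str) -> bool:
    """Compare the scheme only after normalization."""
    scheme, sep, _rest = normalize_url(value).partition(":")
    return bool(sep) and scheme in SCRIPT_SCHEMES


def scrub_link_attrs(attrs: dict) -> dict:
    """Blank href/src/action values whose normalized scheme is scriptable,
    mirroring the 'replace the link with an empty string' behaviour a cleaner
    applies to untrusted markup. Other attributes pass through unchanged."""
    cleaned = {}
    for name, value in attrs.items():
        if name.lower() in ("href", "src", "action") and hardened_is_script_url(value):
            cleaned[name] = ""
        else:
            cleaned[name] = value
    return cleaned


# Constructed sample values; the first is the advisory's own
# "j a v a s c r i p t:" case.
SAMPLES = [
    "j a v a s c r i p t:alert(1)",               # spaces inside the scheme
    "java\tscript:alert(1)",                      # tab inside the scheme
    "&#106;avascript:alert(1)",                   # HTML character reference for 'j'
    "java%09script:alert(1)",                     # percent-encoded tab
    "JaVaScRiPt:alert(1)",                        # mixed case, no escaping
    "https://example.com/?q=javascript:alert(1)", # benign: scheme is https
    "/relative/path#javascript:",                 # benign: no scheme at all
]


def audit(samples=SAMPLES):
    """Return (value, naive_result, hardened_result) per sample so the gap
    between the two checks is visible."""
    return [(s, naive_is_script_url(s), hardened_is_script_url(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, hardened in audit():
        print(f"{value!r:48} naive={naive!s:5} hardened={hardened}")
```

Running `audit()` shows the literal check flagging only the unescaped `JaVaScRiPt:` sample while the normalized check also flags the four escaped variants and still passes the two benign URLs. The actual remediation is the upgrade to lxml 4.2.5 listed below; the example only shows why a string match before normalization is insufficient, and is not a substitute for the library's cleaner.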

Packages

Name    Ecosystem    Affected versions    Fixed version
lxml    pip          < 4.2.5              4.2.5

EPSS

Percentile: 67%
Score: 0.00533
Low

CVSS4: 5.3 Medium
CVSS3: 6.1 Medium

Weaknesses

CWE-79

Related vulnerabilities

ubuntu    CVSS3: 6.1    about 7 years ago
  (same description as above)

redhat    CVSS3: 4.7    more than 7 years ago
  (same description as above)

nvd       CVSS3: 6.1    about 7 years ago
  (same description as above)

msrc      CVSS3: 6.1    more than 4 years ago
  No description available

debian    CVSS3: 6.1    about 7 years ago
  An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...
