Уязвимость CVE-2018-19787

CVE-2018-19787

CVSS3: 6.1

ubuntu

больше 6 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

CVE-2018-19787

CVSS3: 4.7

redhat

почти 7 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

CVE-2018-19787

CVSS3: 6.1

nvd

больше 6 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

CVE-2018-19787

CVSS3: 6.1

debian

больше 6 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...

GHSA-xp26-p53h-6h2p

CVSS3: 6.1

github

больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in LXML

exploitDog

CVE-2018-19787

Описание

Возможность эксплуатации

Связанные уязвимости