CVE-2020-27783

Опубликовано: 03 дек. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

Ссылки

https://advisory.checkmarx.net/advisory/CX-2020-4286
Exploit
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1901633
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/
https://security.netapp.com/advisory/ntap-20210521-0003/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4810
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://advisory.checkmarx.net/advisory/CX-2020-4286
Exploit
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1901633
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/
https://security.netapp.com/advisory/ntap-20210521-0003/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4810
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*

Версия от 1.2 (включая) до 4.6.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.01026

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-27783

CVSS3: 6.1

ubuntu

больше 4 лет назад

CVE-2020-27783

CVSS3: 6.1

redhat

больше 4 лет назад

CVE-2020-27783

CVSS3: 6.1

msrc

почти 4 года назад

Описание отсутствует

CVE-2020-27783

CVSS3: 6.1

debian

больше 4 лет назад

A XSS vulnerability was discovered in python-lxml's clean module. The ...

SUSE-SU-2022:3461-1

suse-cvrf

больше 2 лет назад

Security update for python3-lxml

EPSS

Процентиль: 76%

0.01026

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79