exploitDog

CVE-2020-27783

Published: 18 Oct 2020
Source: redhat
CVSS3: 6.1
EPSS: Low

Description

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

A Cross-site Scripting (XSS) vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat from this vulnerability is to confidentiality and integrity.

Affected packages

| Platform | Package | Status | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | python-lxml | Out of support scope | | |
| Red Hat Enterprise Linux 6 | python-lxml | Out of support scope | | |
| Red Hat Enterprise Linux 7 | python-lxml | Out of support scope | | |
| Red Hat Enterprise Linux 9 | python-lxml | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | python-lxml | Out of support scope | | |
| Red Hat OpenStack Platform 13 (Queens) | python-lxml | Will not fix | | |
| Red Hat Enterprise Linux 8 | python27 | Fixed | RHSA-2021:1761 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | python38 | Fixed | RHSA-2021:1879 | 18.05.2021 |
| Red Hat Enterprise Linux 8 | python-lxml | Fixed | RHSA-2021:1898 | 18.05.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-babel | Fixed | RHSA-2021:3254 | 24.08.2021 |

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1901633 python-lxml: mXSS due to the use of improper parser

EPSS: 0.01026 (percentile: 76%, Low)

CVSS3: 6.1 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 4 years ago

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

CVSS3: 6.1
nvd
more than 4 years ago

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

CVSS3: 6.1
msrc
almost 4 years ago

No description available

CVSS3: 6.1
debian
more than 4 years ago

A XSS vulnerability was discovered in python-lxml's clean module. The ...

suse-cvrf
more than 2 years ago

Security update for python3-lxml
