CVE-2018-19787

Опубликовано: 02 дек. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 6.1

Описание

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

Релиз	Статус	Примечание
bionic	released	4.2.1-1ubuntu0.1
cosmic	not-affected	4.2.5-1
devel	not-affected
esm-infra-legacy/trusty	released	3.3.3-1ubuntu0.2
esm-infra/bionic	released	4.2.1-1ubuntu0.1
esm-infra/xenial	released	3.5.0-1ubuntu0.1
precise/esm	not-affected	2.3.2-1ubuntu0.3
trusty	released	3.3.3-1ubuntu0.2
trusty/esm	released	3.3.3-1ubuntu0.2
upstream	released	4.2.5-1

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2018-19787

CVSS3: 4.7

redhat

больше 7 лет назад

CVE-2018-19787

CVSS3: 6.1

nvd

около 7 лет назад

CVE-2018-19787

CVSS3: 6.1

msrc

больше 4 лет назад

Описание отсутствует

CVE-2018-19787

CVSS3: 6.1

debian

около 7 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...

GHSA-xp26-p53h-6h2p

CVSS3: 6.1

github

больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in LXML

4.3 Medium

CVSS2

6.1 Medium

CVSS3

CVE-2018-19787

Описание

Пакет lxml

Ссылки на источники

Связанные уязвимости