Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-19787

Опубликовано: 02 дек. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1

Описание

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

РелизСтатусПримечание
bionic

released

4.2.1-1ubuntu0.1
cosmic

not-affected

4.2.5-1
devel

not-affected

esm-infra-legacy/trusty

released

3.3.3-1ubuntu0.2
esm-infra/bionic

released

4.2.1-1ubuntu0.1
esm-infra/xenial

released

3.5.0-1ubuntu0.1
precise/esm

not-affected

2.3.2-1ubuntu0.3
trusty

released

3.3.3-1ubuntu0.2
trusty/esm

released

3.3.3-1ubuntu0.2
upstream

released

4.2.5-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 51%
0.00274
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-19787

CVSS3: 4.7
redhat
почти 7 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

nvd логотип

CVE-2018-19787

CVSS3: 6.1
nvd
больше 6 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

msrc логотип

CVE-2018-19787

CVSS3: 6.1
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-19787

CVSS3: 6.1
debian
больше 6 лет назад

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...

github логотип

GHSA-xp26-p53h-6h2p

CVSS3: 6.1
github
больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in LXML

EPSS

Процентиль: 51%
0.00274
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3