Описание
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 4.2.1-1ubuntu0.3 |
| devel | released | 4.6.2-1 |
| esm-infra-legacy/trusty | released | 3.3.3-1ubuntu0.2+esm2 |
| esm-infra/bionic | released | 4.2.1-1ubuntu0.3 |
| esm-infra/focal | released | 4.5.0-1ubuntu0.2 |
| esm-infra/xenial | released | 3.5.0-1ubuntu0.3 |
| focal | released | 4.5.0-1ubuntu0.2 |
| groovy | released | 4.5.2-1ubuntu0.3 |
| precise/esm | not-affected | 2.3.2-1ubuntu0.5 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
A XSS vulnerability was discovered in python-lxml's clean module. The ...
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3