Count: 20
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-jq4v-f5q6-mjqq lxml vulnerable to Cross-Site Scripting | CVSS3: 6.1 | 0% Low | more than 4 years ago |
| CVE-2021-28957 An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. | CVSS3: 6.1 | 0% Low | more than 4 years ago |
| CVE-2021-28957 An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. | CVSS3: 6.1 | 0% Low | more than 4 years ago |
| CVE-2021-28957 An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. | CVSS3: 6.1 | 0% Low | more than 4 years ago |
| CVE-2021-28957 An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. | CVSS3: 6.1 | 0% Low | more than 4 years ago |
| CVE-2021-28957 An XSS vulnerability was discovered in python-lxml's clean module vers ... | CVSS3: 6.1 | 0% Low | more than 4 years ago |
| SUSE-SU-2022:3937-1 Security update for python3-lxml | | 0% Low | about 3 years ago |
| SUSE-SU-2022:3934-1 Security update for python3-lxml | | 0% Low | about 3 years ago |
| BDU:2021-03119 Vulnerability in the Cleaner class of the lxml library for processing XML and HTML markup, allowing an attacker to execute arbitrary JavaScript code | CVSS3: 6.1 | 0% Low | more than 5 years ago |
| SUSE-SU-2022:3836-1 Security update for python-lxml | | | about 3 years ago |
| openSUSE-SU-2022:0803-1 Security update for python-lxml | | | more than 3 years ago |
| SUSE-SU-2022:0895-1 Security update for python-lxml | | | more than 3 years ago |
| SUSE-SU-2022:0803-1 Security update for python-lxml | | | more than 3 years ago |
| RLSA-2021:4160 Moderate: python39:3.9 and python39-devel:3.9 security update | | | about 4 years ago |
| ELSA-2021-4160 ELSA-2021-4160: python39:3.9 and python39-devel:3.9 security update (MODERATE) | | | about 4 years ago |
| RLSA-2021:4151 Moderate: python27:2.7 security update | | | about 4 years ago |
| ELSA-2021-4151 ELSA-2021-4151: python27:2.7 security update (MODERATE) | | | about 4 years ago |
| ELSA-2021-4162 ELSA-2021-4162: python38:3.8 and python38-devel:3.8 security update (MODERATE) | | | about 4 years ago |
| RLSA-2021:4162 Moderate: python38:3.8 and python38-devel:3.8 security update | | | about 4 years ago |
| ELSA-2022-9341 ELSA-2022-9341: ol-automation-manager security update (IMPORTANT) | | | more than 3 years ago |