exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2026-28348

25 дней назад

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression() filters, allowing external CSS loading or XSS in older browsers. This issue has been patched in version 0.4.4.

CVSS3: 6.1

EPSS: Низкий

CVE-2026-28348

25 дней назад

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression() filters, allowing external CSS loading or XSS in older browsers. This issue has been patched in version 0.4.4.

CVSS3: 6.1

EPSS: Низкий

CVE-2026-28348

25 дней назад

lxml_html_clean is a project for HTML cleaning functionalities copied ...

CVSS3: 6.1

EPSS: Низкий

GHSA-hw26-mmpg-fqfg

28 дней назад

lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes

CVSS3: 6.1

EPSS: Низкий

openSUSE-SU-2026:20345-1

19 дней назад

Security update for python-lxml_html_clean

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-28348 lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression() filters, allowing external CSS loading or XSS in older browsers. This issue has been patched in version 0.4.4.	CVSS3: 6.1	0% Низкий	25 дней назад
CVE-2026-28348 lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression() filters, allowing external CSS loading or XSS in older browsers. This issue has been patched in version 0.4.4.	CVSS3: 6.1	0% Низкий	25 дней назад
CVE-2026-28348 lxml_html_clean is a project for HTML cleaning functionalities copied ...	CVSS3: 6.1	0% Низкий	25 дней назад
GHSA-hw26-mmpg-fqfg lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes	CVSS3: 6.1	0% Низкий	28 дней назад
openSUSE-SU-2026:20345-1 Security update for python-lxml_html_clean			19 дней назад

Уязвимостей на страницу