exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2026-28350

25 дней назад

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.

CVSS3: 6.1

EPSS: Низкий

CVE-2026-28350

25 дней назад

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.

CVSS3: 6.1

EPSS: Низкий

CVE-2026-28350

25 дней назад

lxml_html_clean is a project for HTML cleaning functionalities copied ...

CVSS3: 6.1

EPSS: Низкий

GHSA-xvp8-3mhv-424c

28 дней назад

lxml-html-clean has <base> tag injection through default Cleaner configuration

CVSS3: 6.1

EPSS: Низкий

openSUSE-SU-2026:20345-1

19 дней назад

Security update for python-lxml_html_clean

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-28350 lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.	CVSS3: 6.1	0% Низкий	25 дней назад
CVE-2026-28350 lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.	CVSS3: 6.1	0% Низкий	25 дней назад
CVE-2026-28350 lxml_html_clean is a project for HTML cleaning functionalities copied ...	CVSS3: 6.1	0% Низкий	25 дней назад
GHSA-xvp8-3mhv-424c lxml-html-clean has <base> tag injection through default Cleaner configuration	CVSS3: 6.1	0% Низкий	28 дней назад
openSUSE-SU-2026:20345-1 Security update for python-lxml_html_clean			19 дней назад

Уязвимостей на страницу