Search for packages
| purl | pkg:deb/ubuntu/lxml@4.2.4-1 |
| Next non-vulnerable version | 4.5.0-1ubuntu0.3 |
| Latest non-vulnerable version | 4.5.0-1ubuntu0.3 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jq1x-31sj-aaas
Aliases: CVE-2021-28957 GHSA-jq4v-f5q6-mjqq PYSEC-2021-19 |
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. |
Affected by 0 other vulnerabilities. |
|
VCID-sky5-23ka-aaaj
Aliases: CVE-2020-27783 GHSA-pgww-xf46-h92r PYSEC-2020-62 |
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|