Search for vulnerabilities
Vulnerability details: VCID-44yg-s35j-93gc
Vulnerability ID VCID-44yg-s35j-93gc
Aliases CVE-2014-3146
GHSA-57qw-cc2g-pv5p
PYSEC-2014-9
Summary
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.1 http://advisories.mageia.org/MGASA-2014-0218.html
generic_textual MODERATE http://advisories.mageia.org/MGASA-2014-0218.html
cvssv3.1 6.1 http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
cvssv3.1 6.1 http://lxml.de/3.3/changes-3.3.5.html
generic_textual MODERATE http://lxml.de/3.3/changes-3.3.5.html
epss 0.06721 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.08192 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.08192 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.08192 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.14779 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.14779 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.14779 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.14779 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.14779 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.14779 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
epss 0.14779 https://api.first.org/data/v1/epss?cve=CVE-2014-3146
cvssv3.1 6.1 http://seclists.org/fulldisclosure/2014/Apr/210
generic_textual MODERATE http://seclists.org/fulldisclosure/2014/Apr/210
cvssv3.1 6.1 http://seclists.org/fulldisclosure/2014/Apr/319
generic_textual MODERATE http://seclists.org/fulldisclosure/2014/Apr/319
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-57qw-cc2g-pv5p
cvssv3.1 6.1 https://github.com/lxml/lxml
generic_textual MODERATE https://github.com/lxml/lxml
cvssv3.1 6.1 https://github.com/lxml/lxml/commit/3f3082e0a67851cde26a48da3d1f4b75d8aa07ec
generic_textual MODERATE https://github.com/lxml/lxml/commit/3f3082e0a67851cde26a48da3d1f4b75d8aa07ec
cvssv3.1 6.1 https://github.com/lxml/lxml/commit/86e81ab393ba14c1be71284675851a3bdce57d69
generic_textual MODERATE https://github.com/lxml/lxml/commit/86e81ab393ba14c1be71284675851a3bdce57d69
cvssv3.1 6.1 https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc
generic_textual MODERATE https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc
cvssv3.1 6.1 https://github.com/lxml/lxml/pull/273
generic_textual MODERATE https://github.com/lxml/lxml/pull/273
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2014-9.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2014-9.yaml
cvssv3.1 6.1 https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
generic_textual MODERATE https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2014-3146
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-3146
cvssv3.1 6.1 https://web.archive.org/web/20140724172044/http://secunia.com/advisories/58013
generic_textual MODERATE https://web.archive.org/web/20140724172044/http://secunia.com/advisories/58013
cvssv3.1 6.1 https://web.archive.org/web/20140805110535/http://secunia.com/advisories/59008
generic_textual MODERATE https://web.archive.org/web/20140805110535/http://secunia.com/advisories/59008
cvssv3.1 6.1 https://web.archive.org/web/20140806061046/http://secunia.com/advisories/58744
generic_textual MODERATE https://web.archive.org/web/20140806061046/http://secunia.com/advisories/58744
cvssv3.1 6.1 https://web.archive.org/web/20141017122607/https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
generic_textual MODERATE https://web.archive.org/web/20141017122607/https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
cvssv3.1 6.1 https://web.archive.org/web/20150523055039/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:112/?name=MDVSA-2015:112
generic_textual MODERATE https://web.archive.org/web/20150523055039/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:112/?name=MDVSA-2015:112
cvssv3.1 6.1 https://web.archive.org/web/20200228180542/http://www.securityfocus.com/bid/67159
generic_textual MODERATE https://web.archive.org/web/20200228180542/http://www.securityfocus.com/bid/67159
cvssv3.1 6.1 http://www.debian.org/security/2014/dsa-2941
generic_textual MODERATE http://www.debian.org/security/2014/dsa-2941
cvssv3.1 6.1 http://www.openwall.com/lists/oss-security/2014/05/09/7
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2014/05/09/7
cvssv3.1 6.1 http://www.ubuntu.com/usn/USN-2217-1
generic_textual MODERATE http://www.ubuntu.com/usn/USN-2217-1
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2014-0218.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
http://lxml.de/3.3/changes-3.3.5.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3146.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3146
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146
http://seclists.org/fulldisclosure/2014/Apr/210
http://seclists.org/fulldisclosure/2014/Apr/319
http://secunia.com/advisories/58013
http://secunia.com/advisories/58744
http://secunia.com/advisories/59008
https://github.com/lxml/lxml
https://github.com/lxml/lxml/commit/3f3082e0a67851cde26a48da3d1f4b75d8aa07ec
https://github.com/lxml/lxml/commit/86e81ab393ba14c1be71284675851a3bdce57d69
https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc
https://github.com/lxml/lxml/pull/273
https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2014-9.yaml
https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007129.html
https://nvd.nist.gov/vuln/detail/CVE-2014-3146
https://web.archive.org/web/20140724172044/http://secunia.com/advisories/58013
https://web.archive.org/web/20140805110535/http://secunia.com/advisories/59008
https://web.archive.org/web/20140806061046/http://secunia.com/advisories/58744
https://web.archive.org/web/20141017122607/https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
https://web.archive.org/web/20150523055039/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:112/?name=MDVSA-2015:112
https://web.archive.org/web/20200228180542/http://www.securityfocus.com/bid/67159
http://www.debian.org/security/2014/dsa-2941
http://www.mandriva.com/security/advisories?name=MDVSA-2015:112
http://www.openwall.com/lists/oss-security/2014/05/09/7
http://www.securityfocus.com/bid/67159
http://www.ubuntu.com/usn/USN-2217-1
1092613 https://bugzilla.redhat.com/show_bug.cgi?id=1092613
746812 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746812
CVE-2014-3146;OSVDB-105975 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39155.txt
CVE-2014-3146;OSVDB-105975 Exploit https://www.securityfocus.com/bid/67159/info
GHSA-57qw-cc2g-pv5p https://github.com/advisories/GHSA-57qw-cc2g-pv5p
USN-2217-1 https://usn.ubuntu.com/2217-1/
Data source Exploit-DB
Date added April 15, 2014
Description lxml - 'clean_html' Security Bypass
Ransomware campaign use Known
Source publication date April 15, 2014
Exploit type remote
Platform linux
Source update date Jan. 3, 2016
Source URL https://www.securityfocus.com/bid/67159/info
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://advisories.mageia.org/MGASA-2014-0218.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://lxml.de/3.3/changes-3.3.5.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2014/Apr/210
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2014/Apr/319
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/commit/3f3082e0a67851cde26a48da3d1f4b75d8aa07ec
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/commit/86e81ab393ba14c1be71284675851a3bdce57d69
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/lxml/lxml/pull/273
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2014-9.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3146
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20140724172044/http://secunia.com/advisories/58013
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20140805110535/http://secunia.com/advisories/59008
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20140806061046/http://secunia.com/advisories/58744
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20141017122607/https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20150523055039/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:112/?name=MDVSA-2015:112
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20200228180542/http://www.securityfocus.com/bid/67159
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.debian.org/security/2014/dsa-2941
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2014/05/09/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.ubuntu.com/usn/USN-2217-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90825
EPSS Score 0.06721
Published At July 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:10:36.779581+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/2217-1/ 36.1.3