Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lxml
(Lxml)Repositories | https://github.com/lxml/lxml |
#Vulnerabilities | 6 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-12-02 | CVE-2018-19787 | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. | Ubuntu_linux, Debian_linux, Lxml | 6.1 | ||
2014-05-14 | CVE-2014-3146 | Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. | Lxml | N/A |