Lxml - (bulletinjul2019)
ID: oval:org.secpod.oval:def:2105058 | Date: (C)2019-12-31 (M)2023-12-20
Class: PATCH | Family: unix
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.
Product:
library/python/urllib3
library/python/urllib3-35
library/python/urllib3-34
library/python/urllib3-27
library/python/paramiko
library/python/paramiko-35
library/python/paramiko-34
library/python/paramiko-27
library/python/lxml
library/python/lxml-35
library/python/lxml-34
library/python/lxml-27
library/python/jinja2
library/python/jinja2-35
library/python/jinja2-34
library/python/jinja2-27