[ASA-202012-1] python-lxml: cross-site scripting

🗓️ 05 Dec 2020 00:00:00Reported by ArchLinuxType

archlinux

archlinux🔗 security.archlinux.org👁 181 Views

python-lxml cross-site scripting vulnerability fi

Reporter	Title	Published	Views	Family All 190
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	15 Apr 202502:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	15 Apr 202502:27	–	ibm
Tenable Nessus	Amazon Linux 2 : python-lxml (ALAS-2021-1666)	23 Jun 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python-lxml (ALAS-2023-1709)	22 Mar 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0086: python-lxml (ALINUX3-SA-2022:0086)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0112: python27:2.7 (ALINUX3-SA-2022:0112)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0261: Moderate: python27:2.7 (ALINUX3-SA-2024:0261)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : python27:2.7 (CESA-2021:1761)	19 May 202100:00	–	nessus
Tenable Nessus	CentOS 8 : python38:3.8 (CESA-2021:1879)	28 May 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Arch Linux	–	any	python-lxml	4.6.2-1	python-lxml-4.6.2-1-any.pkg.tar.zst

Source	Link
security	www.security.archlinux.org/AVG-1319
github	www.github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
security	www.security.archlinux.org/CVE-2020-27783

05 Dec 2020 00:00Current

0.9Low risk

Vulners AI Score0.9

CVSS 24.3

CVSS 3.16.1

EPSS0.01246

SSVC

python-lxml cross-site scripting vulnerability fix remote attacker html/js code upgrade