Lucene search

RedhatCVE-2014-3146

HistoryMay 14, 2014 - 7:55 p.m.

CVE-2014-3146

2014-05-1419:55:11

redhat

web.nvd.nist.gov

204

cve-2014-3146

incomplete blacklist vulnerability

lxml

xss attacks

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.013

Percentile

86.0%

JSON

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

Affected configurations

Nvd

Node

lxmllxmlRange≤3.3.4

lxmllxmlMatch0.5

lxmllxmlMatch0.5.1

lxmllxmlMatch0.6

lxmllxmlMatch0.7

lxmllxmlMatch0.8

lxmllxmlMatch0.9

lxmllxmlMatch0.9.1

lxmllxmlMatch0.9.2

lxmllxmlMatch1.0

lxmllxmlMatch1.0.1

lxmllxmlMatch1.0.2

lxmllxmlMatch1.0.3

lxmllxmlMatch1.0.4

lxmllxmlMatch1.1

lxmllxmlMatch1.1.1

lxmllxmlMatch1.1.2

lxmllxmlMatch1.2

lxmllxmlMatch1.2.1

lxmllxmlMatch1.3

lxmllxmlMatch1.3.1

lxmllxmlMatch1.3.2

lxmllxmlMatch1.3.3

lxmllxmlMatch1.3.4

lxmllxmlMatch1.3.5

lxmllxmlMatch1.3.6

lxmllxmlMatch2.0

lxmllxmlMatch2.0.1

lxmllxmlMatch2.0.2

lxmllxmlMatch2.0.3

lxmllxmlMatch2.0.4

lxmllxmlMatch2.0.5

lxmllxmlMatch2.0.6

lxmllxmlMatch2.0.7

lxmllxmlMatch2.0.8

lxmllxmlMatch2.0.9

lxmllxmlMatch2.0.10

lxmllxmlMatch2.0.11

lxmllxmlMatch2.1alpha1

lxmllxmlMatch2.1beta1

lxmllxmlMatch2.1beta2

lxmllxmlMatch2.1beta3

lxmllxmlMatch2.1.1

lxmllxmlMatch2.1.2

lxmllxmlMatch2.1.3

lxmllxmlMatch2.1.4

lxmllxmlMatch2.2-

lxmllxmlMatch2.2alpha1

lxmllxmlMatch2.2beta1

lxmllxmlMatch2.2beta2

lxmllxmlMatch2.2beta3

lxmllxmlMatch2.2beta4

lxmllxmlMatch2.2.1

lxmllxmlMatch2.2.2

lxmllxmlMatch2.2.3

lxmllxmlMatch2.2.4

lxmllxmlMatch2.2.5

lxmllxmlMatch2.2.6

lxmllxmlMatch2.2.7

lxmllxmlMatch2.2.8

lxmllxmlMatch2.3-

lxmllxmlMatch2.3alpha1

lxmllxmlMatch2.3alpha2

lxmllxmlMatch2.3beta1

lxmllxmlMatch2.3.1

lxmllxmlMatch2.3.2

lxmllxmlMatch2.3.3

lxmllxmlMatch2.3.4

lxmllxmlMatch2.3.5

lxmllxmlMatch2.3.6

lxmllxmlMatch3.0-

lxmllxmlMatch3.0alpha1

lxmllxmlMatch3.0alpha2

lxmllxmlMatch3.0beta1

lxmllxmlMatch3.0.1

lxmllxmlMatch3.0.2

lxmllxmlMatch3.1beta1

lxmllxmlMatch3.1.0

lxmllxmlMatch3.1.1

lxmllxmlMatch3.1.2

lxmllxmlMatch3.2.0

lxmllxmlMatch3.2.1

lxmllxmlMatch3.2.2

lxmllxmlMatch3.2.3

lxmllxmlMatch3.2.4

lxmllxmlMatch3.2.5

lxmllxmlMatch3.3.0-

lxmllxmlMatch3.3.0beta1

lxmllxmlMatch3.3.0beta2

lxmllxmlMatch3.3.0beta3

lxmllxmlMatch3.3.0beta4

lxmllxmlMatch3.3.0beta5

lxmllxmlMatch3.3.1

lxmllxmlMatch3.3.2

lxmllxmlMatch3.3.3

VendorProductVersionCPE
lxmllxml*cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*
lxmllxml0.5cpe:2.3:a:lxml:lxml:0.5:*:*:*:*:*:*:*
lxmllxml0.5.1cpe:2.3:a:lxml:lxml:0.5.1:*:*:*:*:*:*:*
lxmllxml0.6cpe:2.3:a:lxml:lxml:0.6:*:*:*:*:*:*:*
lxmllxml0.7cpe:2.3:a:lxml:lxml:0.7:*:*:*:*:*:*:*
lxmllxml0.8cpe:2.3:a:lxml:lxml:0.8:*:*:*:*:*:*:*
lxmllxml0.9cpe:2.3:a:lxml:lxml:0.9:*:*:*:*:*:*:*
lxmllxml0.9.1cpe:2.3:a:lxml:lxml:0.9.1:*:*:*:*:*:*:*
lxmllxml0.9.2cpe:2.3:a:lxml:lxml:0.9.2:*:*:*:*:*:*:*
lxmllxml1.0cpe:2.3:a:lxml:lxml:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lxml	lxml	*	cpe:2.3:a:lxml:lxml::::::::
lxml	lxml	0.5	cpe:2.3:a:lxml:lxml:0.5:::::::*
lxml	lxml	0.5.1	cpe:2.3:a:lxml:lxml:0.5.1:::::::*
lxml	lxml	0.6	cpe:2.3:a:lxml:lxml:0.6:::::::*
lxml	lxml	0.7	cpe:2.3:a:lxml:lxml:0.7:::::::*
lxml	lxml	0.8	cpe:2.3:a:lxml:lxml:0.8:::::::*
lxml	lxml	0.9	cpe:2.3:a:lxml:lxml:0.9:::::::*
lxml	lxml	0.9.1	cpe:2.3:a:lxml:lxml:0.9.1:::::::*
lxml	lxml	0.9.2	cpe:2.3:a:lxml:lxml:0.9.2:::::::*
lxml	lxml	1.0	cpe:2.3:a:lxml:lxml:1.0:::::::*