CVE-2014-3146

2014-05-14T19:55:00
ID CVE-2014-3146
Type cve
Reporter secalert@redhat.com
Modified 2017-12-29T02:29:00

Description

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.