Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2014-3146
HistoryMay 14, 2014 - 7:55 p.m.

CVE-2014-3146

2014-05-1419:55:11
[email protected]
web.nvd.nist.gov
1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.0%

JSON

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

Affected configurations

NVD
Node
lxmllxmlRange3.3.4
OR
lxmllxmlMatch0.5
OR
lxmllxmlMatch0.5.1
OR
lxmllxmlMatch0.6
OR
lxmllxmlMatch0.7
OR
lxmllxmlMatch0.8
OR
lxmllxmlMatch0.9
OR
lxmllxmlMatch0.9.1
OR
lxmllxmlMatch0.9.2
OR
lxmllxmlMatch1.0
OR
lxmllxmlMatch1.0.1
OR
lxmllxmlMatch1.0.2
OR
lxmllxmlMatch1.0.3
OR
lxmllxmlMatch1.0.4
OR
lxmllxmlMatch1.1
OR
lxmllxmlMatch1.1.1
OR
lxmllxmlMatch1.1.2
OR
lxmllxmlMatch1.2
OR
lxmllxmlMatch1.2.1
OR
lxmllxmlMatch1.3
OR
lxmllxmlMatch1.3.1
OR
lxmllxmlMatch1.3.2
OR
lxmllxmlMatch1.3.3
OR
lxmllxmlMatch1.3.4
OR
lxmllxmlMatch1.3.5
OR
lxmllxmlMatch1.3.6
OR
lxmllxmlMatch2.0
OR
lxmllxmlMatch2.0.1
OR
lxmllxmlMatch2.0.2
OR
lxmllxmlMatch2.0.3
OR
lxmllxmlMatch2.0.4
OR
lxmllxmlMatch2.0.5
OR
lxmllxmlMatch2.0.6
OR
lxmllxmlMatch2.0.7
OR
lxmllxmlMatch2.0.8
OR
lxmllxmlMatch2.0.9
OR
lxmllxmlMatch2.0.10
OR
lxmllxmlMatch2.0.11
OR
lxmllxmlMatch2.1alpha1
OR
lxmllxmlMatch2.1beta1
OR
lxmllxmlMatch2.1beta2
OR
lxmllxmlMatch2.1beta3
OR
lxmllxmlMatch2.1.1
OR
lxmllxmlMatch2.1.2
OR
lxmllxmlMatch2.1.3
OR
lxmllxmlMatch2.1.4
OR
lxmllxmlMatch2.2-
OR
lxmllxmlMatch2.2alpha1
OR
lxmllxmlMatch2.2beta1
OR
lxmllxmlMatch2.2beta2
OR
lxmllxmlMatch2.2beta3
OR
lxmllxmlMatch2.2beta4
OR
lxmllxmlMatch2.2.1
OR
lxmllxmlMatch2.2.2
OR
lxmllxmlMatch2.2.3
OR
lxmllxmlMatch2.2.4
OR
lxmllxmlMatch2.2.5
OR
lxmllxmlMatch2.2.6
OR
lxmllxmlMatch2.2.7
OR
lxmllxmlMatch2.2.8
OR
lxmllxmlMatch2.3-
OR
lxmllxmlMatch2.3alpha1
OR
lxmllxmlMatch2.3alpha2
OR
lxmllxmlMatch2.3beta1
OR
lxmllxmlMatch2.3.1
OR
lxmllxmlMatch2.3.2
OR
lxmllxmlMatch2.3.3
OR
lxmllxmlMatch2.3.4
OR
lxmllxmlMatch2.3.5
OR
lxmllxmlMatch2.3.6
OR
lxmllxmlMatch3.0-
OR
lxmllxmlMatch3.0alpha1
OR
lxmllxmlMatch3.0alpha2
OR
lxmllxmlMatch3.0beta1
OR
lxmllxmlMatch3.0.1
OR
lxmllxmlMatch3.0.2
OR
lxmllxmlMatch3.1beta1
OR
lxmllxmlMatch3.1.0
OR
lxmllxmlMatch3.1.1
OR
lxmllxmlMatch3.1.2
OR
lxmllxmlMatch3.2.0
OR
lxmllxmlMatch3.2.1
OR
lxmllxmlMatch3.2.2
OR
lxmllxmlMatch3.2.3
OR
lxmllxmlMatch3.2.4
OR
lxmllxmlMatch3.2.5
OR
lxmllxmlMatch3.3.0-
OR
lxmllxmlMatch3.3.0beta1
OR
lxmllxmlMatch3.3.0beta2
OR
lxmllxmlMatch3.3.0beta3
OR
lxmllxmlMatch3.3.0beta4
OR
lxmllxmlMatch3.3.0beta5
OR
lxmllxmlMatch3.3.1
OR
lxmllxmlMatch3.3.2
OR
lxmllxmlMatch3.3.3

Related

nessus 25
openvas 17
osv 7
prion 2
debiancve 2
cvelist 2
debian 4
ubuntucve 2
mageia 1
github 2
ubuntu 1
cve 2
redhatcve 1
nvd 1
securityvulns 1
ibm 1
nessus
nessus
SuSE 11.3 Security Update : python-lxml (SAT Patch Number 9821)
2014-10-11 00:00:00
Mandriva Linux Security Advisory : python-lxml (MDVSA-2015:112)
2015-03-30 00:00:00
openSUSE Security Update : python-lxml (openSUSE-SU-2014:0735-1)
2014-06-13 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2941-1)
2014-05-31 00:00:00
Mageia: Security Advisory (MGASA-2014-0218)
2022-01-28 00:00:00
Debian Security Advisory DSA 2941-1 (lxml - security update)
2014-06-01 00:00:00
osv
osv
lxml - security update
2014-06-01 00:00:00
lxml Cross-site Scripting Via Control Characters
2022-05-14 04:01:59
PYSEC-2014-9
2014-05-14 19:55:00
prion
prion
Cross site scripting
2014-05-14 19:55:00
Design/Logic Flaw
2018-12-02 10:29:00
debiancve
debiancve
CVE-2014-3146
2014-05-14 19:55:11
CVE-2018-19787
2018-12-02 10:29:00
cvelist
cvelist
CVE-2014-3146
2014-05-14 19:00:00
CVE-2018-19787
2018-12-02 10:00:00
debian
debian
lxml security update
2014-06-26 17:16:35
[SECURITY] [DSA 2941-1] lxml security update
2014-06-01 08:36:18
lxml security update
2014-06-26 17:10:22
ubuntucve
ubuntucve
CVE-2014-3146
2014-05-14 00:00:00
CVE-2018-19787
2018-12-02 00:00:00
mageia
mageia
Updated python-lxml package fix CVE-2014-3146
2014-05-15 02:10:47
github
github
lxml Cross-site Scripting Via Control Characters
2022-05-14 04:01:59
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-13 01:13:21
ubuntu
ubuntu
lxml vulnerability
2014-05-21 00:00:00
cve
cve
CVE-2014-3146
2014-05-14 19:55:11
CVE-2018-19787
2018-12-02 10:29:00
redhatcve
redhatcve
CVE-2018-19787
2018-12-17 23:08:11
nvd
nvd
CVE-2018-19787
2018-12-02 10:29:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-10 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-05-09 12:31:16

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.0%

JSON
Related for NVD:CVE-2014-3146
nessus25openvas17osv7prion2debiancve2cvelist2debian4ubuntucve2mageia1github2ubuntu1cve2redhatcve1nvd1securityvulns1ibm1