Lucene search
Gentoo FoundationMGASA-2018-0497HistoryJan 01, 2019 - 1:42 a.m.
Updated python-lxml packages fix security vulnerability
2019-01-0101:42:09
Gentoo Foundation
advisories.mageia.org
9
0.004 Low
EPSS
Percentile
74.5%
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by “j a v a s c r i p t:” in Internet Explorer (CVE-2018-19787).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | python-lxml | < 4.2.5-1 | python-lxml-4.2.5-1.mga6 |
Related
nessus
nessus
Fedora 28 : python-lxml (2018-67e98d4b7a)
2019-01-03 00:00:00
RHEL 8 : python-lxml (Unpatched Vulnerability)
2024-05-11 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : lxml vulnerability (USN-3841-1)
2018-12-11 00:00:00
openvas
openvas
Fedora Update for python-lxml FEDORA-2018-67e98d4b7a
2019-01-07 00:00:00
Fedora Update for python-lxml FEDORA-2018-4be0428ab2
2019-05-07 00:00:00
Ubuntu: Security Advisory (USN-3841-2)
2022-08-26 00:00:00
ubuntu
ubuntu
lxml vulnerability
2018-12-10 00:00:00
lxml vulnerability
2018-12-10 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: python-lxml-4.2.5-1.fc29
2018-12-21 19:42:19
[SECURITY] Fedora 28 Update: python-lxml-4.2.5-1.fc28
2019-01-03 02:27:09
cbl_mariner
cbl_mariner
CVE-2018-19787 affecting package python-lxml 4.2.4-7
2021-08-11 06:39:25
CVE-2018-19787 affecting package python-lxml for versions less than 4.8.0-1
2022-04-26 19:57:36
veracode
veracode
Cross-Site Scripting (XSS)
2018-09-19 01:17:20
redhatcve
redhatcve
CVE-2018-19787
2018-12-17 23:08:11
debian
debian
[SECURITY] [DLA 2467-1] lxml security update
2020-11-26 18:33:14
[SECURITY] [DLA 1604-1] lxml security update
2018-12-10 08:57:48
osv
osv
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-13 01:13:21
PYSEC-2018-12
2018-12-02 10:29:00
lxml - security update
2020-11-26 00:00:00
cve
cve
CVE-2018-19787
2018-12-02 10:29:00
prion
prion
Design/Logic Flaw
2018-12-02 10:29:00
cvelist
cvelist
CVE-2018-19787
2018-12-02 10:00:00
ubuntucve
ubuntucve
CVE-2018-19787
2018-12-02 00:00:00
debiancve
debiancve
CVE-2018-19787
2018-12-02 10:29:00
github
github
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-13 01:13:21
suse
suse
Security update for python-lxml (important)
2022-03-10 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0406
2022-06-17 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0406
2022-06-17 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-05-09 12:31:16