Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2941-1
HistoryJun 01, 2014 - 12:00 a.m.

lxml - security update

2014-06-0100:00:00
Google
osv.dev
9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

It was discovered that clean_html() function of lxml (pythonic bindings
for the libxml2 and libxslt libraries) performed insufficient
sanitisation for some non-printable characters. This could lead to
cross-site scripting.

For the stable distribution (wheezy), this problem has been fixed in
version 2.3.2-1+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 3.3.5-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.3.5-1.

We recommend that you upgrade your lxml packages.

CPENameOperatorVersion
lxmleq2.3.2-1

Related

openvas 17
prion 2
debiancve 2
nessus 20
osv 6
debian 4
ubuntu 1
cve 2
github 2
ubuntucve 2
mageia 1
redhatcve 1
securityvulns 1
ibm 1
openvas
openvas
Debian Security Advisory DSA 2941-1 (lxml - security update)
2014-06-01 00:00:00
Debian: Security Advisory (DSA-2941-1)
2014-05-31 00:00:00
Mageia: Security Advisory (MGASA-2014-0218)
2022-01-28 00:00:00
prion
prion
Cross site scripting
2014-05-14 19:55:00
Design/Logic Flaw
2018-12-02 10:29:00
debiancve
debiancve
CVE-2014-3146
2014-05-14 19:55:00
CVE-2018-19787
2018-12-02 10:29:00
nessus
nessus
openSUSE Security Update : python-lxml (openSUSE-SU-2014:0735-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : python-lxml (MDVSA-2015:112)
2015-03-30 00:00:00
SuSE 11.3 Security Update : python-lxml (SAT Patch Number 9821)
2014-10-11 00:00:00
osv
osv
PYSEC-2014-9
2014-05-14 19:55:00
lxml - security update
2014-06-26 00:00:00
lxml Cross-site Scripting Via Control Characters
2022-05-14 04:01:59
debian
debian
lxml security update
2014-06-26 17:10:22
lxml security update
2014-06-26 17:16:35
[SECURITY] [DSA 2941-1] lxml security update
2014-06-01 08:36:44
ubuntu
ubuntu
lxml vulnerability
2014-05-21 00:00:00
cve
cve
CVE-2014-3146
2014-05-14 19:55:00
CVE-2018-19787
2018-12-02 10:29:00
github
github
lxml Cross-site Scripting Via Control Characters
2022-05-14 04:01:59
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-13 01:13:21
ubuntucve
ubuntucve
CVE-2014-3146
2014-05-14 00:00:00
CVE-2018-19787
2018-12-02 00:00:00
mageia
mageia
Updated python-lxml package fix CVE-2014-3146
2014-05-15 02:10:47
redhatcve
redhatcve
CVE-2018-19787
2018-12-17 23:08:11
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-10 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-05-09 12:31:16

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for OSV:DSA-2941-1
openvas17prion2debiancve2nessus20osv6debian4ubuntu1cve2github2ubuntucve2mageia1redhatcve1securityvulns1ibm1