Lucene search
GoogleOSV:PYSEC-2017-14HistoryFeb 22, 2017 - 4:59 p.m.
PYSEC-2017-14
2017-02-2216:59:00
Google
osv.dev
5
0.003 Low
EPSS
Percentile
70.9%
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
References
www.openwall.com/lists/oss-security/2016/12/06/5
www.openwall.com/lists/oss-security/2016/12/08/8
www.securityfocus.com/bid/95132
github.com/advisories/GHSA-v9v9-xffq-rwr4
github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
github.com/html5lib/html5lib-python/issues/11
github.com/html5lib/html5lib-python/issues/12
html5lib.readthedocs.io/en/latest/changes.html#b9
Related
veracode
veracode
Cross-Site Scripting (XSS)
2017-05-24 06:16:01
cve
cve
CVE-2016-9909
2017-02-22 16:59:00
CVE-2016-9910
2017-02-22 16:59:00
osv
osv
Improper Neutralization of Input During Web Page Generation in html5lib
2022-05-17 02:57:58
CVE-2016-9909
2017-02-22 16:59:00
Cross-site Scripting in html5lib
2022-05-17 02:57:57
prion
prion
Cross site scripting
2017-02-22 16:59:00
Cross site scripting
2017-02-22 16:59:00
github
github
Improper Neutralization of Input During Web Page Generation in html5lib
2022-05-17 02:57:58
Cross-site Scripting in html5lib
2022-05-17 02:57:57
debiancve
debiancve
CVE-2016-9909
2017-02-22 16:59:00
CVE-2016-9910
2017-02-22 16:59:00
cvelist
cvelist
CVE-2016-9909
2017-02-22 16:00:00
CVE-2016-9910
2017-02-22 16:00:00
nvd
nvd
CVE-2016-9909
2017-02-22 16:59:00
CVE-2016-9910
2017-02-22 16:59:00
mageia
mageia
Updated python-html5lib packages fix security vulnerability
2017-01-04 01:05:03
ubuntucve
ubuntucve
CVE-2016-9909
2017-02-22 00:00:00
CVE-2016-9910
2017-02-22 00:00:00
archlinux
archlinux
[ASA-201612-13] python-html5lib: cross-site scripting
2016-12-12 00:00:00
[ASA-201612-12] python2-html5lib: cross-site scripting
2016-12-12 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0001)
2022-01-28 00:00:00