Lucene search

K
osvGoogleOSV:PYSEC-2020-62
HistoryDec 03, 2020 - 5:15 p.m.

PYSEC-2020-62

2020-12-0317:15:00
Google
osv.dev
15
xss
vulnerability
python-lxml
clean module
remote attacker
html
js

EPSS

0.004

Percentile

73.0%

A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.