121 matches found
lxml injection vulnerability
Lxml is a personal developer of Lxml can be interacted with Python for locating elements in Html. An injection vulnerability exists in versions of lxml prior to 4.6.5, which stems from the fact that HTML Cleaner allows the passage of certain carefully crafted scripted content, as well as scripted...
CVE-2021-43818
There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can...
ALPINE-CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
AZL-7025 CVE-2021-43818 affecting package python-lxml for versions less than 4.8.0-1
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
DEBIAN-CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
Hardcoded credentials
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
UBUNTU-CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
PYSEC-2021-852
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
PYSEC-2021-852
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...
GHSA-55X5-FJ6C-H6M8 lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...
CVE-2021-43818 HTML Cleaner allows crafted and SVG embedded scripts to pass through
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
CVE-2021-43818 HTML Cleaner allows crafted and SVG embedded scripts to pass through
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
lxml 注入漏洞
Lxml is a personal developer of Lxml can be interacted with Python for locating elements in Html. An injection vulnerability exists in versions of lxml prior to 4.6.5, which stems from the fact that HTML Cleaner allows the passage of certain carefully crafted scripted content, as well as scripted...
PT-2021-6092 · Lxml +10 · Lxml +10
Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.6.5 Description: The HTML Cleaner in lxml.html allows certain crafted script content to pass through, as well as script content in SVG files embedded using data URIs. This can be exploited by a remote attacker to...
David Kitchen bluemonday 跨站脚本漏洞
David Kitchen bluemonday is David Kitchen an open source application . HTML cleaner for implementation in Go. A cross-site scripting vulnerability exists in bluemonday before 1.0.5, which stems from a specific Go lowercase to uppercase conversion, "script" string protection mechanism...