121 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-1348

Malicious code in bioql PyPI...

CVSS 9 | AI score 8.8 | EPSS 0.01153
Exploits 1 | References 8
Tenable Nessus
added 2025/06/16 12:00 a.m. | 5 views

TencentOS Server 3: python-lxml (TSSA-2022:0172)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0172 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.2 | AI score 7.8 | EPSS 0.04016
Exploits 1 | References 3
Tenable Nessus
added 2025/05/14 12:00 a.m. | 7 views

Alibaba Cloud Linux 3 : 0152: python-lxml (ALINUX3-SA-2023:0152)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0152 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43818: lxml is a library for processing XM...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 2
OSV
added 2024/11/19 10:15 p.m. | 1 views

UBUNTU-CVE-2024-52595

lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

CVSS 7.7 | AI score 5.8 | EPSS 0.00472
Exploits 0 | References 5
Vulnrichment
added 2024/11/19 9:27 p.m. | 11 views

CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

CVSS 7.7 | AI score 5.9 | EPSS 0.00472
Exploits 0 | References 3
CVE
added 2024/11/19 9:27 p.m. | 86 views

CVE-2024-52595

The CVE-2024-52595 issue affects lxml_html_clean (a cleaning module related to lxml.html.clean). Before version 0.4.0, the HTML Parser mishandles context-switching for tags such as , , and , causing CSS-comment content to be treated inconsistently and potentially enabling XSS in untrusted HTML sa...

CVSS 7.7 | AI score 6.3 | EPSS 0.00472
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/11/19 9:07 p.m. | 14 views

GHSA-5JFW-GQ64-Q45F HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

Impact: The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxml_html_clean but may be interpreted differently by web...

CVSS 7.7 | AI score 6.2 | EPSS 0.00472
Exploits 0 | References 6
OSV
added 2024/10/22 8:31 p.m. | 2 views

CLSA-2024-1729629058 python-lxml: Fix of CVE-2021-43818

CVE-2021-43818: prevent certain crafted script content passing through in HTML Cleaner...

CVSS 8.2 | AI score 6.6 | EPSS 0.02456
Exploits 0 | References 1
Tenable Nessus
added 2024/05/11 12:00 a.m. | 27 views

RHEL 6 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...

AI score 7.6 | EPSS 0.06333
Exploits 4 | References 4
Tenable Nessus
added 2024/05/11 12:00 a.m. | 28 views

RHEL 7 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...

AI score 6.8 | EPSS 0.06333
Exploits 4 | References 4
NVD
added 2024/05/06 3:15 p.m. | 8 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False, which is the default, the sanitizer normalizes Unicode to the NFKC form at the end. Some Unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6.1 | EPSS 0.00551
Exploits 0 | References 3
UbuntuCve
added 2024/05/06 3:15 p.m. | 19 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False, which is the default, the sanitizer normalizes Unicode to the NFKC form at the end. Some Unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6.2 | EPSS 0.00551
Exploits 0 | References 4
Vulnrichment
added 2024/05/06 2:48 p.m. | 15 views

CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False, which is the default, the sanitizer normalizes Unicode to the NFKC form at the end. Some Unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6.5 | EPSS 0.00551
Exploits 0 | References 2
Cvelist
added 2024/05/06 2:48 p.m. | 20 views

CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False, which is the default, the sanitizer normalizes Unicode to the NFKC form at the end. Some Unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6.3 | EPSS 0.00551
Exploits 0 | References 2
Debian CVE
added 2024/05/06 2:48 p.m. | 13 views

CVE-2024-34078

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False, which is the default, the sanitizer normalizes Unicode to the NFKC form at the end. Some Unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6 | EPSS 0.00551
Exploits 0
OSV
added 2024/05/06 2:48 p.m. | 20 views

CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization

html-sanitizer is an allowlist-based HTML cleaner. If using keep_typographic_whitespace=False, which is the default, the sanitizer normalizes Unicode to the NFKC form at the end. Some Unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...

CVSS 6.1 | AI score 6.1 | EPSS 0.00551
Exploits 0 | References 5
OpenVAS
added 2024/03/08 12:00 a.m. | 10 views

Ubuntu: Security Advisory (USN-6683-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.6 | EPSS 0.01048
Exploits 1 | References 2
Tenable Nessus
added 2024/02/29 12:00 a.m. | 26 views

CentOS 9 : python-lxml-4.6.5-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-lxml-4.6.5-1.el9 build changelog. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 2
Openbugbounty
added 2024/01/14 1:33 p.m. | 6 views

html-cleaner.com Cross Site Scripting vulnerability OBB-3834701

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Tenable Nessus
added 2023/11/09 12:00 a.m. | 25 views

NewStart CGSL MAIN 6.06 : python-cryptography Multiple Vulnerabilities (NS-SA-2023-0140)

The remote NewStart CGSL host, running version MAIN 6.06, has python-cryptography packages installed that are affected by multiple vulnerabilities: - In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations...

AI score 7.5 | EPSS 0.06882
Exploits 1 | References 11