121 matches found

Positive Technologies
added 2023/04/12 12:0 a.m., 5 views

PT-2023-22198

Name of the Vulnerable Software and Affected Versions: XWiki Commons versions 4.2-milestone-1 through 14.6 RC1. Description: The "restricted" mode of the HTML cleaner in XWiki only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . This...

CVSS 9 | AI score 7.2 | EPSS 0.01153
Exploits 1 | References 13

Tenable Nessus
added 2023/03/22 12:0 a.m., 40 views

Amazon Linux AMI : python-lxml (ALAS-2023-1709)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1709 advisory. A Cross-site Scripting (XSS) vulnerability was found in python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and t...

CVSS 8.2 | AI score 7.3 | EPSS 0.03934
Exploits 1 | References 6

Amazon
added 2023/03/22 12:0 a.m., 4 views

Important: python-lxml

Issue Overview: There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web...

CVSS 8.2 | AI score 6.2 | EPSS 0.02456
Exploits 1

Tenable Nessus
added 2023/03/21 12:0 a.m., 27 views

Amazon Linux 2023 : python3-lxml (ALAS2023-2023-034)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-034 advisory. There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using...

CVSS 8.2 | AI score 6.6 | EPSS 0.02456
Exploits 1 | References 6

Amazon
added 2023/03/20 12:0 a.m., 66 views

Important: python-lxml

Issue Overview: A Cross-site Scripting (XSS) vulnerability was found in python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The...

CVSS 8.2 | AI score 6.6 | EPSS 0.03934
Exploits 1

Amazon
added 2023/02/21 12:0 a.m., 55 views

Important: python-lxml

Issue Overview: Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. (CVE-2014-3146) An issue was discovered in lxml before 4.2.5...

CVSS 8.2 | AI score 6.5 | EPSS 0.06333
Exploits 2

SUSE CVE
added 2023/02/15 3:36 a.m., 2 views

SUSE CVE-2021-43818

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

CVSS 6.1 | AI score 6.7 | EPSS 0.02456
Exploits 0 | References 13

IBM Security Bulletins
added 2023/01/12 9:59 p.m., 32 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in lxml (CVE-2021-43818)

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in lxml, caused by a flaw in HTML Cleaner in lxml.html (CVE-2021-43818). Lxml is used in the base operating system by IBM Watson Speech. Please read the details for remediation...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | Affected Software 1

Tenable Nessus
added 2023/01/06 12:0 a.m., 34 views

EulerOS Virtualization 3.0.2.6 : python-lxml (EulerOS-SA-2023-1077)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 2

Tenable Nessus
added 2022/11/15 12:0 a.m., 12 views

NewStart CGSL MAIN 6.02 : python-lxml Vulnerability (NS-SA-2022-0101)

The remote NewStart CGSL host, running version MAIN 6.02, has python-lxml packages installed that are affected by a vulnerability: lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 3

Tenable Nessus
added 2022/11/04 12:0 a.m., 7 views

Amazon Linux 2022 : python3-lxml (ALAS2022-2022-178)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-178 advisory. There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 3

Tenable Nessus
added 2022/09/06 12:0 a.m., 22 views

Amazon Linux 2022 : python3-lxml (ALAS2022-2022-074)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-074 advisory. There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 3

Tenable Nessus
added 2022/05/26 12:0 a.m., 36 views

EulerOS 2.0 SP3 : python-lxml (EulerOS-SA-2022-1758)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 2

OpenVAS
added 2022/05/25 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2022-1758)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.2 | AI score 7.4 | EPSS 0.02456
Exploits 0 | References 2

Tenable Nessus
added 2022/05/12 12:0 a.m., 45 views

AlmaLinux 8 : python38:3.8 and python38-devel:3.8 (ALSA-2022:1764)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1764 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733). python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass...

CVSS 8.2 | AI score 7.1 | EPSS 0.11586
Exploits 3 | References 5

Tenable Nessus
added 2022/05/12 12:0 a.m., 40 views

AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2022:1763)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1763 advisory. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818). Tenable has extracted the preceding description block directly fro...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 2

Tenable Nessus
added 2022/05/11 12:0 a.m., 35 views

RHEL 8 : python27:2.7 (RHSA-2022:1821)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1821 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...

CVSS 8.2 | AI score 7.2 | EPSS 0.11586
Exploits 3 | References 15

Tenable Nessus
added 2022/05/11 12:0 a.m., 59 views

RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2022:1763)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1763 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 8

Tenable Nessus
added 2022/05/11 12:0 a.m., 74 views

RHEL 8 : python38:3.8 and python38-devel:3.8 (RHSA-2022:1764)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1764 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 8.2 | AI score 7.2 | EPSS 0.11586
Exploits 3 | References 14

RedHat Linux
added 2022/05/10 2:11 p.m., 3 views

python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through

There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web browsers. This can...

CVSS 8.2 | AI score 7.2 | EPSS 0.02456
Exploits 0 | References 5