HAX security vulnerability
HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX 26.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /system/api/saveNode endpoint, which had a storage-oriented cross-site scripting vulnerability. Users with edit...
JupyterLab cross-site scripting vulnerability
JupyterLab is an open-source extension designed for interactive and reproducible computing environments, based on the Jupyter Notebook framework. Versions of JupyterLab prior to 4.5.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from the HTML cleaner allowing...
[SECURITY] Fedora 44 Update: python-lxml-html-clean-0.4.4-1.fc44
HTML cleaner from lxml project...
CVE-2026-28350
lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inje...
CVE-2026-28350 lxml_html_clean: <base> tag injection through default Cleaner configuration
lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inje...
lxml_html_clean security vulnerability
lxml_html_clean is a separate project derived from lxml.html.clean, open sourced by the Fedora Python SIG. Versions of lxml_html_clean prior to 0.4.4 contained security vulnerabilities. These vulnerabilities stemmed from the <base> tag being passed through with the default Cleaner configuration, which could allo...
GHSA-XVP8-3MHV-424C lxml-html-clean has <base> tag injection through default Cleaner configuration
Summary The <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. Details The <base> tag is not currently in the page_structure kill se...
Saleor security vulnerabilities
Saleor is an open-source interface software developed by Saleor Commerce. Vulnerabilities existed in versions of Saleor 3.0.0 through 3.20.108, as well as versions before 3.21.43 and 3.22.27. These vulnerabilities stemmed from allowing users to modify HTML in rich text fields without running the...
MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2022-3597:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3597:01 advisory. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 Tenable has extracted the preceding description block direct...
MiracleLinux 8 : python27:2.7 (AXSA:2022-3551:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3551:01 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 python: ftplib should not use the host from the PASV response...
MiracleLinux 7 : python-lxml-3.2.1-4.0.1.el7.AXS7 (AXSA:2024-8989:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8989:01 advisory. CVE-2021-43818: prevent certain crafted script content passing through in HTML Cleaner CVEs: CVE-2021-43818 lxml is a library for processing XML and HTML in...
MiracleLinux 8 : python-lxml-4.2.3-4.el8 (AXSA:2022-3370:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3370:01 advisory. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 Tenable has extracted the preceding description block direct...
CVE-2023-29201
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped...
CVE-2023-29528
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
EUVD-2021-0117
Malware in sbrugna...
EUVD-2024-1840
Malicious code in bioql PyPI...
EUVD-2023-1420
Malicious code in bioql PyPI...