Important: python-lxml

Issue Overview: There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web...

Amazon Linux AMI : python-lxml (ALAS-2023-1709)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1709 advisory. A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and t...

Important: python-lxml

Issue Overview: A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The...

CBL Mariner 2.0 Security Update: libxml2 / python-lxml (CVE-2022-2309)

The version of libxml2 / python-lxml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2309 advisory. - NULL Pointer Dereference allows attackers to cause a denial of service or application crash...

Amazon Linux 2 : python-lxml (ALAS-2023-1956)

The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1956 advisory. Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to condu...

Important: python-lxml

Issue Overview: Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting XSS attacks via control characters in the link scheme to the cleanhtml function. CVE-2014-3146 An issue was discovered in lxml before 4.2.5...

SUSE CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2023-1286)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : python-lxml (EulerOS-SA-2023-1286)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...

openSUSE 15 Security Update : python-lxml (SUSE-SU-2022:3836-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3836-1 advisory. - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2023-1077)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.6 : python-lxml (EulerOS-SA-2023-1077)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2022-2915)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2022-2941)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : python-lxml (EulerOS-SA-2022-2941)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is...

EulerOS Virtualization 2.10.0 : python-lxml (EulerOS-SA-2022-2915)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is...

Oracle Linux 9 : python-lxml (ELSA-2022-8226)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8226 advisory. - Security fix for CVE-2022-2309 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...

AlmaLinux 9 : python-lxml (ALSA-2022:8226)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:8226 advisory. - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10...

RHEL 9 : python-lxml (RHSA-2022:8226)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8226 advisory. lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL...

RLSA-2022:8226 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL Pointer Dereference in lxml CVE-2022-2309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...