15 matches found
CVE-2025-3468
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cleanhtml and formfields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it...
RHEL 5 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...
Regular Expression Denial Of Service (ReDoS)
RedCloth is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in the cleanhtml function of html.rb due to inefficient regular expression complexity, leading to long parsing times or an application crash...
GHSA-57QW-CC2G-PV5P lxml Cross-site Scripting Via Control Characters
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function...
SuSE 11.3 Security Update : python-lxml (SAT Patch Number 9821)
This security update for python-lxml fixes an input sanitization flaw in clean_html (CVE-2014-3146). The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C) Novell, Inc. ...
lxml security update
Package: lxml; Version: 2.2.8-2+deb6u1; CVE ID: CVE-2014-3146; Debian Bug: 746812. It was discovered that the clean_html function of lxml (pythonic bindings for the libxml2 and libxslt libraries) performed insufficient sanitisation for some non-printable characters. This could lead to cross-site scripti...
DSA-2941-1 lxml - security update
Bulletin has no description...
Debian Security Advisory DSA 2941-1 (lxml - security update)
It was discovered that the clean_html function of lxml (pythonic bindings for the libxml2 and libxslt libraries) performed insufficient sanitisation for some non-printable characters. This could lead to cross-site scripting...
Mandriva Linux Security Advisory : python-lxml (MDVSA-2014:088)
Updated python-lxml packages fix security vulnerability: The clean_html function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters (\x01-\x08). A remote attacker could use this flaw to serve malicious content to an application using the...
Updated python-lxml package fix CVE-2014-3146
Updated python-lxml packages fix security vulnerability: The clean_html function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters (\x01-\x08). A remote attacker could use this flaw to serve malicious content to an application using the...
DEBIAN-CVE-2014-3146
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function...
CVE-2014-3146
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function...
lxml - 'clean_html' Security Bypass
source: https://www.securityfocus.com/bid/67159/info lxml is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to lxml 3.3.5 are vulnerable. from...
lxml - clean_html Security Bypass
source: https://www.securityfocus.com/bid/67159/info lxml is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to lxml 3.3...
lxml Filter Bypass
Hi, all. I've accidentally found a vulnerability in the clean_html function of the lxml Python library. A user can break the schema of a URL with non-printed chars \x01-\x08. It seems like all versions, including the latest 3.3.4, are vulnerable. Here is a PoC. from lxml.html.clean import clean_html html = '''\ aaa bbb bbb b...