mezzanine (>=3.0.0 <=3.0.4) potentially affected by CVE-2016-9910 via html5lib (=0.95.0)

html5lib PYPI version =0.95.0 is affected by a known vulnerability. The following packages have a transitive dependency on html5lib and may be impacted: - mezzanine =3.0.0, =3.0.4 Source cves: CVE-2016-9910 Source advisory: OSV:GHSA-8F6M-GFQ9-G33V...

mezzanine (>=3.0.0 <=3.0.4) potentially affected by CVE-2016-9910 via html5lib (=0.95.0)

html5lib PYPI version =0.95.0 is affected by a known vulnerability. The following packages have a transitive dependency on html5lib and may be impacted: - mezzanine =3.0.0, =3.0.4 Source cves: CVE-2016-9910 Source advisory: OSV:PYSEC-2017-15...

CVE-2016-9910

CVE-2016-9910 affects the html5lib serializer prior to 0.99999999 and enables cross-site scripting (XSS) through mishandling of special characters in attribute values, a distinct issue from CVE-2016-9909. The connected documents confirm this is a separate vulnerability entry without additional ex...

[ASA-201612-12] python2-html5lib: cross-site scripting

Arch Linux Security Advisory ASA-201612-12 ========================================== Severity: Low Date : 2016-12-12 CVE-ID : CVE-2016-9909 CVE-2016-9910 Package : python2-html5lib Type : cross-site scripting Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The packag...

[ASA-201612-13] python-html5lib: cross-site scripting

Arch Linux Security Advisory ASA-201612-13 ========================================== Severity: Low Date : 2016-12-12 CVE-ID : CVE-2016-9909 CVE-2016-9910 Package : python-html5lib Type : cross-site scripting Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...