43 matches found
Moderate: Red Hat Security Advisory: python-lxml security update
An update for python-lxml is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...
ALSA-2021:4158 Moderate: python-lxml security update
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 For more details about the security issues, including the...
Moderate: python-lxml security update
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 For more details about the security issues, including the...
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...
Updated python-lxml packages fix a security vulnerability
An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
OESA-2021-1178 python-lxml security update
The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...
[SECURITY] [DLA 2606-1] lxml security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2606-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz March 24, 2021 https://wiki.debian.org/LTS -...
GHSA-JQ4V-F5Q6-MJQQ lxml vulnerable to Cross-Site Scripting
An XSS vulnerability was discovered in the python lxml clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
CVE-2021-28957
A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...
ALPINE-CVE-2021-28957
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
PYSEC-2021-19
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
PYSEC-2021-19
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...
Lxml 跨站脚本漏洞
Lxml is a software from the individual developers of Lxml that can interact with Python for locating elements in Html. A cross-site scripting vulnerability exists in lxml 4.6.2, which stems from the HTML5 formaction attribute...
PT-2020-6126 · Lxml +9 · Lxml +9
Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.6.3 Description: A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. The issue arises when the safe attrs only and forms arguments are disabled in...
SquirrelMail Cross-Site Scripting Vulnerability (CNVD-2019-19609)
SquirrelMail is a cross-platform use of PHP4 development Webmail mail system . A cross-site scripting vulnerability exists in the email message display page of SquirrelMail 1.4.22 and earlier versions, which can be exploited by remote attackers to inject malicious scripts into a web page and...
CVE-2018-14954
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...
CVE-2018-14954
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...
Cross site scripting
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...