Lucene search
K

43 matches found

RedHat Linux
RedHat Linux
added 2021/11/09 6:14 p.m.149 views

Moderate: Red Hat Security Advisory: python-lxml security update

An update for python-lxml is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

6.1CVSS6.5AI score0.04002EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2021/11/09 5:54 p.m.6 views

python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS

A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...

6.1CVSS7.2AI score0.04002EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/09 5:42 p.m.3 views

python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS

A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...

6.1CVSS7.2AI score0.04002EPSS
Exploits1References4
OSV
OSV
added 2021/11/09 8:26 a.m.21 views

ALSA-2021:4158 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 For more details about the security issues, including the...

6.1CVSS6.9AI score0.04002EPSS
Exploits1References1
AlmaLinux
AlmaLinux
added 2021/11/09 8:26 a.m.58 views

Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 For more details about the security issues, including the...

6.1CVSS6.7AI score0.04002EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2021/08/24 12:50 p.m.4 views

python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS

A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...

6.1CVSS7.2AI score0.04002EPSS
Exploits1References4
Mageia
Mageia
added 2021/06/13 9:32 p.m.45 views

Updated python-lxml packages fix a security vulnerability

An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS3.5AI score0.04002EPSS
Exploits1References4
OSV
OSV
added 2021/05/06 11:2 a.m.5 views

OESA-2021-1178 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...

6.1CVSS6.8AI score0.04002EPSS
Exploits1References2
Debian
Debian
added 2021/03/24 6:10 p.m.56 views

[SECURITY] [DLA 2606-1] lxml security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2606-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz March 24, 2021 https://wiki.debian.org/LTS -...

6.1CVSS6.8AI score0.04002EPSS
Exploits1
OSV
OSV
added 2021/03/22 4:53 p.m.2 views

GHSA-JQ4V-F5Q6-MJQQ lxml vulnerable to Cross-Site Scripting

An XSS vulnerability was discovered in the python lxml clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS6.9AI score0.04002EPSS
Exploits1References17
RedhatCVE
RedhatCVE
added 2021/03/22 10:58 a.m.48 views

CVE-2021-28957

A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...

6.1CVSS1.2AI score0.04002EPSS
Exploits1References3
OSV
OSV
added 2021/03/21 5:15 a.m.3 views

ALPINE-CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS6.8AI score0.04002EPSS
Exploits1References1
PyPA
PyPA
added 2021/03/21 5:15 a.m.6 views

PYSEC-2021-19

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS6.4AI score0.04002EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/03/21 5:15 a.m.10 views

PYSEC-2021-19

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS6.9AI score0.04002EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/03/21 12:0 a.m.2 views

Lxml 跨站脚本漏洞

Lxml is a software from the individual developers of Lxml that can interact with Python for locating elements in Html. A cross-site scripting vulnerability exists in lxml 4.6.2, which stems from the HTML5 formaction attribute...

6.1CVSS7AI score0.04002EPSS
Exploits1References29
Positive Technologies
Positive Technologies
added 2020/07/19 12:0 a.m.10 views

PT-2020-6126 · Lxml +9 · Lxml +9

Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.6.3 Description: A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. The issue arises when the safe attrs only and forms arguments are disabled in...

9.8CVSS6.8AI score0.57499EPSS
Exploits18References232
CNVD
CNVD
added 2018/08/06 12:0 a.m.12 views

SquirrelMail Cross-Site Scripting Vulnerability (CNVD-2019-19609)

SquirrelMail is a cross-platform use of PHP4 development Webmail mail system . A cross-site scripting vulnerability exists in the email message display page of SquirrelMail 1.4.22 and earlier versions, which can be exploited by remote attackers to inject malicious scripts into a web page and...

6.1CVSS6.2AI score0.01647EPSS
Exploits1References1
OSV
OSV
added 2018/08/05 6:29 p.m.3 views

CVE-2018-14954

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...

6.1CVSS5.8AI score0.01647EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2018/08/05 6:29 p.m.20 views

CVE-2018-14954

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...

6.1CVSS6.7AI score0.01647EPSS
Exploits1References4
Prion
Prion
added 2018/08/05 6:29 p.m.17 views

Cross site scripting

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...

4.3CVSS5.9AI score0.01647EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder