10 matches found
UBUNTU-CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
CVE-2026-28350 lxml_html_clean: <base> tag injection through default Cleaner configuration
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
lxml_html_clean 安全漏洞
lxmlhtmlclean is a separate project derived from lxml.HTML.clean, open sourced by the Fedora Python SIG. Versions of lxmlhtmlclean prior to 0.4.4 contained security vulnerabilities. These vulnerabilities stemmed from the base tag being used with the default Cleaner configuration, which could allo...
lxml_html_clean 安全漏洞
lxmlhtmlclean is a separate project derived from lxml.HTML.clean, open sourced by the Fedora Python SIG. Versions of lxmlhtmlclean prior to 0.4.4 contained security vulnerabilities. These vulnerabilities stemmed from the hassneakyjavascript method, which strips backslashes before checking for...
Cross-site Scripting (XSS)
lxmlhtmlclean is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of context-switching for special HTML tags such as , , and by the HTML parser in versions prior to 0.4.0, allowing malicious scripts to bypass the cleaning process...
SUSE CVE-2024-52595
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...