Astra Linux - уязвимость в lxml

A XSS vulnerability was discovered in the python-lxml’s clean module versions prior to 4.6.3. When the “safe attrsonly” and “forms” arguments are disabled, the Cleaner class does not remove the “formaction” attribute, allowing JavaScript to bypass the sanitizer. A remote attacker could exploit th...