397 matches found
ALSA-2021:4158 Moderate: python-lxml security update
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 For more details about the security issues, including the...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2610)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : python-lxml (EulerOS-SA-2021-2610)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms argument...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2539)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2563)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2517)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2021-2539)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms argument...
EulerOS 2.0 SP5 : python-lxml (EulerOS-SA-2021-2517)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms argument...
EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2021-2563)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms argument...
EulerOS 2.0 SP8 : python-lxml (EulerOS-SA-2021-2483)
According to the versions of the python-lxml packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2483)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2431)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : python-lxml (EulerOS-SA-2021-2431)
According to the version of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different...
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...
python-lxml: mXSS due to the use of improper parser
A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat...
CVE-2018-19787 affecting package python-lxml 4.2.4-7
CVE-2018-19787 affecting package python-lxml 4.2.4-7. An upgraded version of the package is available that resolves this issue...
CVE-2021-28957 affecting package python-lxml 4.2.4-7
CVE-2021-28957 affecting package python-lxml 4.2.4-7. An upgraded version of the package is available that resolves this issue...
CVE-2020-27783 affecting package python-lxml 4.2.4-7
CVE-2020-27783 affecting package python-lxml 4.2.4-7. An upgraded version of the package is available that resolves this issue...
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
...
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
...