Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2162)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2109)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : python-lxml (EulerOS-SA-2021-2162)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct...

EulerOS Virtualization for ARM 64 3.0.2.0 : python-lxml (EulerOS-SA-2021-2109)

According to the versions of the python-lxml package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove...

Medium: python-lxml

Issue Overview: A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The...

Amazon Linux 2 : python-lxml (ALAS-2021-1666)

The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1666 advisory. A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly...

MGASA-2021-0246 Updated python-lxml packages fix a security vulnerability

An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

Updated python-lxml packages fix a security vulnerability

An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

SUSE: Security Advisory (SUSE-SU-2014:1282-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for python-lxml (FEDORA-2021-4cdb0f68c7)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for python-lxml (FEDORA-2021-28723f9670)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CentOS 8 : python38:3.8 (CESA-2021:1879)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1879 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-lxml: mXSS due to the use of improper parser...

CentOS 8 : python-lxml (CESA-2021:1898)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:1898 advisory. - python-lxml: mXSS due to the use of improper parser CVE-2020-27783 Note that Nessus has not tested for this issue but has instead relied only on the...

Oracle Linux 8 : python-lxml (ELSA-2021-1898)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-1898 advisory. 4.2.3-2 - Security fix for CVE-2020-27783: mXSS due to the use of improper parser Resolves: rhbz1901633 Tenable has extracted the preceding description block...

python-lxml security update

4.2.3-2 - Security fix for CVE-2020-27783: mXSS due to the use of improper parser Resolves: rhbz1901633...

RHEL 8 : python-lxml (RHSA-2021:1898)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:1898 advisory. lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: mX...

Moderate: Red Hat Security Advisory: python-lxml security update

An update for python-lxml is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python-lxml: mXSS due to the use of improper parser

A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat...

Moderate: Red Hat Security Advisory: python38:3.8 security update

An update for the python38:3.8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

python-lxml: mXSS due to the use of improper parser

A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat...