python-lxml: mXSS due to the use of improper parser

A Cross-site Scripting XSS vulnerability was found in the python-lxml's clean module. The module's parser did not properly imitate browsers, causing different behaviors between the sanitizer and the user's page. This flaw allows a remote attacker to run arbitrary HTML/JS code. The highest threat...

new module: python39:3.9

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, modwsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil,...

python-lxml security update

An update is available for python-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list lxml is an XML processing library providing access to libxml2 and libxslt...

RLSA-2021:1898 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: mXSS due to the use of improper parser CVE-2020-27783 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

OESA-2021-1178 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-1839)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : python-lxml (EulerOS-SA-2021-1839)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused differe...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : lxml vulnerability (USN-4896-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4896-1 advisory. It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-1701)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : python-lxml (EulerOS-SA-2021-1701)

According to the version of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different...

CVE-2021-28957

A flaw was found in python-lxml. The HTML5 formaction attribute is not input sanitized like the HTML action attribute is which can lead to a Cross-Site Scripting attack XSS when an application uses python-lxml to sanitize user inputs. The highest threat from this vulnerability is to data...

AZL-6808 CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

DEBIAN-CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

ALPINE-CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

PYSEC-2021-19

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

Cross site scripting

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

UBUNTU-CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...