2 matches found
Improper Encoding or Escaping of Output
Overview lxml-html-clean is a HTML cleaner from lxml project Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the default Cleaner configuration due to the incomplete pagestructure kill set that does not account for tags outside tags. An attacker can...
PT-2026-22701
Name of the Vulnerable Software and Affected Versions lxml html clean versions prior to 0.4.4 Description The software does not properly handle the tag during HTML cleaning. Specifically, the tag is not removed even when page structure=True, which removes html, head, and title tags. This allows a...