3 matches found
CVE-2024-52595
CVE-2024-52595 affects lxml_html_clean (a cleaning module related to lxml.html.clean). Before version 0.4.0, the HTML parser mishandles context-switching for tags such as , , and , causing CSS-comment content to be treated inconsistently and potentially enabling XSS in untrusted HTML sa...
CVE-2026-28350
CVE-2026-28350 affects the python-lxml_html_clean project. Prior to version 0.4.4, the tag bypassed the default Cleaner configuration, and although page_structure=True removes html, head, and title, there was no specific handling for , allowing an attacker to hijack relative links on the page. T...
CVE-2026-28348
CVE-2026-28348 affects the python-lxml_html_clean package. Before 0.4.4, the _has_sneaky_javascript() path strips backslashes before checking dangerous CSS keywords, allowing CSS Unicode escapes to bypass @import and expression() filters, enabling external CSS loading or XSS in older browsers. Th...