Lucene search

K
ubuntuUbuntuUSN-4666-1
HistoryDec 09, 2020 - 12:00 a.m.

lxml vulnerability

2020-12-0900:00:00
ubuntu.com
46
lxml
vulnerability
ubuntu
html
xss
pythonic binding
libxml2
libxslt
libraries
unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7

Confidence

High

EPSS

0.004

Percentile

73.0%

Releases

  • Ubuntu 20.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • lxml - pythonic binding for the libxml2 and libxslt libraries

Details

It was discovered that lxml incorrectly handled certain HTML.
An attacker could possibly use this issue to cross-site scripting (XSS) attacks.

Rows per page:
1-10 of 281

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7

Confidence

High

EPSS

0.004

Percentile

73.0%