0.003 Low
EPSS
Percentile
70.9%
html5lib is vulnerable to cross-site scripting (XSS) attacks. It is because the html serializer does not properly handle the < (less than) characters in attribute values.
<
www.openwall.com/lists/oss-security/2016/12/08/8
www.securityfocus.com/bid/95132
github.com/html5lib/html5lib-python/issues/11
github.com/html5lib/html5lib-python/pull/95
html5lib.readthedocs.io/en/latest/changes.html#b9
www.sourceclear.com/registry/security/cross-site-scripting-xss-/javascript/sid-3068