VYPR

rpm package

suse/python3-lxml&distro=SUSE Linux Enterprise Module for Public Cloud 12

pkg:rpm/suse/python3-lxml&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Vulnerabilities (2)

  • CVE-2021-28957Mar 21, 2021
    affected < 3.3.5-3.15.1fixed 3.3.5-3.15.1

    An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi

  • CVE-2020-27783Dec 3, 2020
    affected < 3.3.5-3.12.1fixed 3.3.5-3.12.1

    A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.