rpm package
suse/python3-lxml&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/python3-lxml&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-28957 | — | < 3.6.1-3.6.1 | 3.6.1-3.6.1 | Mar 21, 2021 | An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi | ||
| CVE-2020-27783 | — | < 3.6.1-3.3.1 | 3.6.1-3.3.1 | Dec 3, 2020 | A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. |
- CVE-2021-28957Mar 21, 2021affected < 3.6.1-3.6.1fixed 3.6.1-3.6.1
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi
- CVE-2020-27783Dec 3, 2020affected < 3.6.1-3.3.1fixed 3.6.1-3.3.1
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.