Lucene search
GoogleOSV:GHSA-XP26-P53H-6H2PHistoryMay 13, 2022 - 1:13 a.m.
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-1301:13:21
Google
osv.dev
11
0.013 Low
EPSS
Percentile
86.0%
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by “j a v a s c r i p t:” in Internet Explorer. This is a similar issue to CVE-2014-3146.
References
github.com/advisories/GHSA-xp26-p53h-6h2p
github.com/lxml/lxml
github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109
github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2018-12.yaml
lists.debian.org/debian-lts-announce/2018/12/msg00001.html
lists.debian.org/debian-lts-announce/2020/11/msg00044.html
nvd.nist.gov/vuln/detail/CVE-2018-19787
usn.ubuntu.com/3841-1
usn.ubuntu.com/3841-2
Related
nessus
nessus
Debian DLA-1604-1 : lxml security update
2018-12-11 00:00:00
EulerOS 2.0 SP8 : python-lxml (EulerOS-SA-2020-2529)
2020-12-14 00:00:00
osv
osv
CVE-2018-19787
2018-12-02 10:29:00
PYSEC-2018-12
2018-12-02 10:29:00
lxml - security update
2014-06-01 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2020-2235)
2020-10-21 00:00:00
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2020-2529)
2020-12-15 00:00:00
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2020-2236)
2020-10-21 00:00:00
nvd
nvd
CVE-2018-19787
2018-12-02 10:29:00
CVE-2014-3146
2014-05-14 19:55:11
debian
debian
[SECURITY] [DLA 1604-1] lxml security update
2018-12-10 08:47:41
lxml security update
2014-06-26 17:16:35
[SECURITY] [DSA 2941-1] lxml security update
2014-06-01 08:36:18
cve
cve
CVE-2018-19787
2018-12-02 10:29:00
CVE-2014-3146
2014-05-14 19:55:11
github
github
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-13 01:13:21
lxml Cross-site Scripting Via Control Characters
2022-05-14 04:01:59
cvelist
cvelist
CVE-2018-19787
2018-12-02 10:00:00
CVE-2014-3146
2014-05-14 19:00:00
prion
prion
Design/Logic Flaw
2018-12-02 10:29:00
Cross site scripting
2014-05-14 19:55:00
ubuntucve
ubuntucve
CVE-2018-19787
2018-12-02 00:00:00
CVE-2014-3146
2014-05-14 00:00:00
debiancve
debiancve
CVE-2018-19787
2018-12-02 10:29:00
CVE-2014-3146
2014-05-14 19:55:11
redhatcve
redhatcve
CVE-2018-19787
2018-12-17 23:08:11
veracode
veracode
Cross-Site Scripting (XSS)
2018-09-19 01:17:20
ubuntu
ubuntu
lxml vulnerability
2018-12-10 00:00:00
lxml vulnerability
2018-12-10 00:00:00
lxml vulnerability
2014-05-21 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: python-lxml-4.2.5-1.fc29
2018-12-21 19:42:19
[SECURITY] Fedora 28 Update: python-lxml-4.2.5-1.fc28
2019-01-03 02:27:09
cbl_mariner
cbl_mariner
CVE-2018-19787 affecting package python-lxml 4.2.4-7
2021-08-11 06:39:25
CVE-2018-19787 affecting package python-lxml for versions less than 4.8.0-1
2022-04-26 19:57:36
mageia
mageia
Updated python-lxml packages fix security vulnerability
2019-01-01 01:42:09
Updated python-lxml package fix CVE-2014-3146
2014-05-15 02:10:47
suse
suse
Security update for python-lxml (important)
2022-03-10 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0406
2022-06-17 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0406
2022-06-17 00:00:00
securityvulns
securityvulns
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-05-09 12:31:16