A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

CPENameOperatorVersion
lxmleq4.4.0
lxmleq4.4.1
lxmleq3.0
lxmleq3.3.0beta4
lxmleq2.3
lxmleq3.3.4
lxmleq4.6.0
lxmleq3.3.0beta1
lxmleq1.3.2
lxmleq4.4.2

Name	Operator	Version
lxml	eq	4.4.0
lxml	eq	4.4.1
lxml	eq	3.0
lxml	eq	3.3.0beta4
lxml	eq	2.3
lxml	eq	3.3.4
lxml	eq	4.6.0
lxml	eq	3.3.0beta1
lxml	eq	1.3.2
lxml	eq	4.4.2

Rows per page:

1-10 of 1311

References

advisory.checkmarx.net/advisory/CX-2020-4286

bugzilla.redhat.com/show_bug.cgi?id=1901633

github.com/advisories/GHSA-pgww-xf46-h92r

lists.debian.org/debian-lts-announce/2020/12/msg00028.html

lists.fedoraproject.org/archives/list/[email protected]/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/

lists.fedoraproject.org/archives/list/[email protected]/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/

www.debian.org/security/2020/dsa-4810

nessus 45

osv 11

openvas 23

ubuntu 2

fedora 2

cbl_mariner 2

prion 1

debian 3

debiancve 1

nvd 1

oraclelinux 4

ubuntucve 1

veracode 1

alpinelinux 1

mageia 1

cve 1

amazon 2

github 1

rocky 3

archlinux 1

cvelist 1

redhatcve 1

redhat 6

suse 2

photon 2

almalinux 2

ibm 3

oracle 1

nessus

Debian DLA-2467-2 : lxml regression update

2020-11-30 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : lxml vulnerability (USN-4666-1)

2020-12-09 00:00:00

Fedora 33 : python-lxml (2020-0e055ea503)

2021-01-14 00:00:00

osv

Moderate: python-lxml security update

2021-05-18 06:21:26

lxml - security update

2020-12-13 00:00:00

lxml vulnerable to Cross-site Scripting

2021-01-07 21:54:01

openvas

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-1035)

2021-01-08 00:00:00

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-1016)

2021-01-08 00:00:00

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2431)

2021-09-15 00:00:00

ubuntu

lxml vulnerability

2020-12-09 00:00:00

lxml vulnerability

2020-12-11 00:00:00

fedora

[SECURITY] Fedora 32 Update: python-lxml-4.4.1-5.fc32

2021-01-14 01:43:47

[SECURITY] Fedora 33 Update: python-lxml-4.5.1-3.fc33

2021-01-14 01:39:59

cbl_mariner

CVE-2020-27783 affecting package python-lxml 4.2.4-7

2021-08-11 06:39:25

CVE-2020-27783 affecting package python-lxml for versions less than 4.8.0-1

2022-04-26 19:57:36

prion

Cross site scripting

2020-12-03 17:15:00

debian

[SECURITY] [DSA 4810-1] lxml security update

2020-12-13 18:19:20

[SECURITY] [DLA 2467-2] lxml regression update

2020-12-18 13:14:42

[SECURITY] [DLA 2467-1] lxml security update

2020-11-26 18:32:53

debiancve

CVE-2020-27783

2020-12-03 17:15:13

nvd

CVE-2020-27783

2020-12-03 17:15:13

oraclelinux

python-lxml security update

2021-05-25 00:00:00

python38:3.8 security update

2021-05-25 00:00:00

python27:2.7 security and bug fix update

2021-05-25 00:00:00

ubuntucve

CVE-2020-27783

2020-12-03 00:00:00

veracode

Cross-site Scripting (XSS)

2020-11-30 02:54:37

alpinelinux

CVE-2020-27783

2020-12-03 17:15:13

mageia

Updated python-lxml packages fix a security vulnerability

2021-01-17 19:07:01

cve

CVE-2020-27783

2020-12-03 17:15:13

amazon

Medium: python-lxml

2021-06-16 20:37:00

Important: python-lxml

2023-03-17 15:53:00

github

lxml vulnerable to Cross-site Scripting

2021-01-07 21:54:01

rocky

python-lxml security update

2021-05-18 06:21:26

python38:3.8 security update

2021-05-18 06:18:31

python27:2.7 security and bug fix update

2021-05-18 06:02:07

archlinux

[ASA-202012-1] python-lxml: cross-site scripting

2020-12-05 00:00:00

cvelist

CVE-2020-27783

2020-12-03 16:39:41

redhatcve

CVE-2020-27783

2020-11-25 17:22:50

redhat

(RHSA-2021:1898) Moderate: python-lxml security update

2021-05-18 06:21:26

(RHSA-2021:1879) Moderate: python38:3.8 security update

2021-05-18 06:18:31

(RHSA-2021:1761) Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

suse

Security update for python-lxml (moderate)

2022-11-01 00:00:00

Security update for python-lxml (important)

2022-03-10 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2021-0072

2021-07-28 00:00:00

Moderate Photon OS Security Update - PHSA-2021-4.0-0072

2021-07-29 00:00:00

almalinux

Moderate: python38:3.8 security update

2021-05-18 06:18:31

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

ibm

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

2024-03-27 19:39:32

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs

2021-10-19 15:38:04

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

2024-05-09 12:31:16

oracle

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for OSV:PYSEC-2020-62