lxml is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary script via HTML action attribute into defs.link_attrs (in html/defs.py).

References

bugs.launchpad.net/lxml/+bug/1888153

github.com/lxml/lxml/commit/10ec1b4e9f93713513a3264ed6158af22492f270

github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999

github.com/lxml/lxml/pull/316

github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270

lists.debian.org/debian-lts-announce/2021/03/msg00031.html

lists.fedoraproject.org/archives/list/[email protected]/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45/

lists.fedoraproject.org/archives/list/[email protected]/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ/

security.netapp.com/advisory/ntap-20210521-0004/

www.debian.org/security/2021/dsa-4880

www.oracle.com/security-alerts/cpuoct2021.html

alpinelinux 1

prion 1

osv 16

ubuntucve 1

openvas 23

nessus 47

github 1

rocky 4

debiancve 1

redhatcve 1

cbl_mariner 2

mageia 1

debian 3

amazon 1

cvelist 1

ubuntu 2

almalinux 4

redhat 6

fedora 2

nvd 1

cve 1

suse 2

photon 4

gentoo 1

oraclelinux 4

ibm 2

oracle 1

alpinelinux

CVE-2021-28957

2021-03-21 05:15:13

prion

Cross site scripting

2021-03-21 05:15:00

osv

lxml - security update

2021-03-29 00:00:00

lxml vulnerability

2021-04-08 12:46:21

python36-translate-toolkit-3.3.6-1.3 on GA media

2024-06-15 00:00:00

ubuntucve

CVE-2021-28957

2021-03-21 00:00:00

openvas

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2483)

2021-09-24 00:00:00

Ubuntu: Security Advisory (USN-4896-2)

2022-08-26 00:00:00

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2022-1141)

2022-02-13 00:00:00

nessus

EulerOS Virtualization 3.0.6.6 : python-lxml (EulerOS-SA-2022-1141)

2022-02-12 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : lxml vulnerability (USN-4896-1)

2021-03-30 00:00:00

EulerOS Virtualization 3.0.2.0 : python-lxml (EulerOS-SA-2021-2830)

2021-12-29 00:00:00

github

lxml vulnerable to Cross-Site Scripting

2021-03-22 16:53:53

rocky

python-lxml security update

2021-11-09 08:26:20

python39:3.9 and python39-devel:3.9 security update

2021-11-09 08:26:25

python27:2.7 security update

2021-11-09 08:24:39

debiancve

CVE-2021-28957

2021-03-21 05:15:13

redhatcve

CVE-2021-28957

2021-03-22 10:58:48

cbl_mariner

CVE-2021-28957 affecting package python-lxml 4.2.4-7

2021-08-11 06:39:25

CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1

2022-04-26 19:57:36

mageia

Updated python-lxml packages fix a security vulnerability

2021-06-14 00:32:39

debian

[SECURITY] [DSA 4880-1] lxml security update

2021-03-29 16:20:53

[SECURITY] [DLA 2606-1] lxml security update

2021-03-24 18:10:42

[SECURITY] [DSA 4880-1] lxml security update

2021-03-29 16:20:53

amazon

Medium: python-lxml

2024-08-01 03:01:00

cvelist

CVE-2021-28957

2021-03-21 04:39:35

ubuntu

lxml vulnerability

2021-04-08 00:00:00

lxml vulnerability

2021-03-30 00:00:00

almalinux

Moderate: python-lxml security update

2021-11-09 08:26:20

Moderate: python39:3.9 and python39-devel:3.9 security update

2021-11-09 08:26:25

Moderate: python27:2.7 security update

2021-11-09 08:24:39

redhat

(RHSA-2021:4158) Moderate: python-lxml security update

2021-11-09 08:26:20

(RHSA-2021:4160) Moderate: python39:3.9 and python39-devel:3.9 security update

2021-11-09 08:26:25

(RHSA-2021:4151) Moderate: python27:2.7 security update

2021-11-09 08:24:39

fedora

[SECURITY] Fedora 34 Update: python-lxml-4.6.3-1.fc34

2021-05-28 01:01:22

[SECURITY] Fedora 33 Update: python-lxml-4.5.1-4.fc33

2021-06-04 01:03:49

nvd

CVE-2021-28957

2021-03-21 05:15:13

cve

CVE-2021-28957

2021-03-21 05:15:13

suse

Security update for python-lxml (moderate)

2022-11-01 00:00:00

Security update for python-lxml (important)

2022-03-10 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2021-0072

2021-07-28 00:00:00

Moderate Photon OS Security Update - PHSA-2021-4.0-0072

2021-07-29 00:00:00

Critical Photon OS Security Update - PHSA-2022-0406

2022-06-17 00:00:00

gentoo

lxml: Multiple Vulnerabilities

2022-08-10 00:00:00

oraclelinux

python39:3.9 and python39-devel:3.9 security update

2021-11-16 00:00:00

python27:2.7 security update

2021-11-16 00:00:00

python38:3.8 and python38-devel:3.8 security update

2021-11-16 00:00:00

ibm

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

2024-03-27 19:39:32

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

oracle

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.002

Percentile

61.6%

JSON

Related for VERACODE:29778