An XSS vulnerability exists in python-lxml's clean module. The module's parser did not properly imitate browsers, which caused the sanitizer and the browser rendering the user's page to behave differently on the same markup. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
| Vulnerable Product |
|---|
| lxml lxml |
| redhat enterprise linux 8.0 |
| redhat software collections - |
| debian debian linux 9.0 |
| debian debian linux 10.0 |
| fedoraproject fedora 32 |
| fedoraproject fedora 33 |
| netapp snapcenter - |
| oracle communications offline mediation controller 12.0.0.3.0 |
| oracle zfs storage appliance kit 8.8 |