Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2024-52595

Medium priority
Needs evaluation

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as...

1 affected package

lxml-html-clean

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxml-html-clean Needs evaluation Not in release Not in release
Show less packages

CVE-2024-37388

Medium priority
Not affected

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.

1 affected package

lxml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxml Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-2309

Low priority

Some fixes available 4 of 11

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows...

2 affected packages

libxml2, lxml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libxml2 Not affected Fixed Fixed Not affected Not affected
lxml Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-43818

Medium priority
Fixed

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded...

1 affected package

lxml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxml Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-28957

Medium priority
Fixed

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass...

1 affected package

lxml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxml Fixed Fixed Fixed
Show less packages

CVE-2020-27783

Medium priority
Fixed

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit...

1 affected package

lxml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxml Fixed Fixed Fixed
Show less packages

CVE-2018-19787

Medium priority
Fixed

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c...

1 affected package

lxml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxml Fixed Fixed
Show less packages

CVE-2014-3146

Medium priority

Some fixes available 3 of 5

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

1 affected package

lxml

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxml
Show less packages