Safety vulnerability ID: 35549
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
Latest version: 5.3.1
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
FULLDISC:20140415 lxml (python lib) vulnerability: http://seclists.org/fulldisclosure/2014/Apr/210
FULLDISC:20140430 Re: lxml (python lib) vulnerability: http://seclists.org/fulldisclosure/2014/Apr/319
MLIST:[lxml] 20140415 lxml.html.clean vulnerability: https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
MLIST:[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw: http://www.openwall.com/lists/oss-security/2014/05/09/7
CONFIRM:http://lxml.de/3.3/changes-3.3.5.html: http://lxml.de/3.3/changes-3.3.5.html
CONFIRM:http://advisories.mageia.org/MGASA-2014-0218.html: http://advisories.mageia.org/MGASA-2014-0218.html
DEBIAN:DSA-2941: http://www.debian.org/security/2014/dsa-2941
MANDRIVA:MDVSA-2015:112: http://www.mandriva.com/security/advisories?name=MDVSA-2015:112
SUSE:openSUSE-SU-2014:0735: http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
UBUNTU:USN-2217-1: http://www.ubuntu.com/usn/USN-2217-1
BID:67159: http://www.securityfocus.com/bid/67159
SECUNIA:58013: http://secunia.com/advisories/58013
SECUNIA:58744: http://secunia.com/advisories/58744
SECUNIA:59008: http://secunia.com/advisories/59008
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application