Safety vulnerability ID: 35693
The information on this page was manually curated by our Cybersecurity Intelligence Team.
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
Latest version: 1.1
HTML parser based on the WHATWG HTML specification
MLIST:[oss-security] 20161206 CVE Request: html5lib: potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers: http://www.openwall.com/lists/oss-security/2016/12/06/5
MLIST:[oss-security] 20161208 Re: CVE Request: html5lib: potential cross-site scripting vulnerablity: quote attributes that need escaping in legacy browsers: http://www.openwall.com/lists/oss-security/2016/12/08/8
CONFIRM: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
CONFIRM: https://github.com/html5lib/html5lib-python/issues/11
CONFIRM: https://github.com/html5lib/html5lib-python/issues/12
CONFIRM: https://html5lib.readthedocs.io/en/latest/changes.html#b9
BID:95132: http://www.securityfocus.com/bid/95132