A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| lxml | lxml | 1.2 - 4.6.2 | - |
| redhat | software_collections | - | - |
| redhat | enterprise_linux | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
10
Affected Products
16
References
lxml / lxml
| - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
| netapp | snapcenter | - | - |
| oracle | communications_offline_mediation_controller | - | - |
| oracle | zfs_storage_appliance_kit | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability
Impact