| CVE-2014-3146 |
medium |
6.1 |
7.1 |
|
|
|
4y ago |
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme t… |
| CVE-2022-2309 |
medium |
— |
5.5 |
|
|
|
4y ago |
Moderate: python-lxml security update |
| CVE-2021-43818 |
medium |
— |
5.5 |
|
|
|
5y ago |
RHSA-2022:1932: python-lxml security update (Moderate) |
| CVE-2021-28957 |
medium |
— |
5.5 |
|
|
|
5y ago |
RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) |
| CVE-2020-27783 |
medium |
— |
5.5 |
|
|
|
6y ago |
RHSA-2021:1898: python-lxml security update (Moderate) |
| CVE-2026-41066 |
unknown |
— |
— |
|
|
|
1mo ago |
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML in… |
| CVE-2018-19787 |
unknown |
— |
— |
|
|
|
4y ago |
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, a… |
