An XSS vulnerability was discovered in python-lxml's clean module (lxml.html.clean). The module's HTML parser did not faithfully imitate browser parsing, so the sanitizer and the user's browser could interpret the same markup differently. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
https://advisory.checkmarx.net/advisory/CX-2020-4286
https://bugzilla.redhat.com/show_bug.cgi?id=1901633
https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html
Source: MITRE
Published: 2020-12-03
Updated: 2021-03-30
Type: CWE-79
CVSS v2 Base Score: 4.3
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v2 Impact Score: 2.9
CVSS v2 Exploitability Score: 8.6
CVSS v2 Severity: MEDIUM
CVSS v3.1 Base Score: 6.1
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v3.1 Impact Score: 2.7
CVSS v3.1 Exploitability Score: 2.8
CVSS v3.1 Severity: MEDIUM
ID | Name | Product | Family | Severity |
---|---|---|---|---|
148061 | EulerOS 2.0 SP5 : python-lxml (EulerOS-SA-2021-1701) | Nessus | Huawei Local Security Checks | medium |
147527 | EulerOS Virtualization 3.0.2.6 : python-lxml (EulerOS-SA-2021-1420) | Nessus | Huawei Local Security Checks | medium |
147453 | EulerOS Virtualization for ARM 64 3.0.2.0 : python-lxml (EulerOS-SA-2021-1402) | Nessus | Huawei Local Security Checks | medium |
147095 | EulerOS Virtualization for ARM 64 3.0.6.0 : python-lxml (EulerOS-SA-2021-1538) | Nessus | Huawei Local Security Checks | medium |
147041 | EulerOS Virtualization 3.0.6.6 : python-lxml (EulerOS-SA-2021-1514) | Nessus | Huawei Local Security Checks | medium |
145738 | EulerOS 2.0 SP8 : python-lxml (EulerOS-SA-2021-1166) | Nessus | Huawei Local Security Checks | medium |
144963 | Fedora 33 : python-lxml (2020-0e055ea503) | Nessus | Fedora Local Security Checks | medium |
144957 | Fedora 32 : python-lxml (2020-307946cfb6) | Nessus | Fedora Local Security Checks | medium |
144702 | EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2021-1035) | Nessus | Huawei Local Security Checks | medium |
144676 | EulerOS : python-lxml (EulerOS-SA-2021-1016) | Nessus | Huawei Local Security Checks | medium |
144189 | Debian DSA-4810-1 : lxml - security update | Nessus | Debian Local Security Checks | medium |
144078 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : lxml vulnerability (USN-4666-2) | Nessus | Ubuntu Local Security Checks | medium |
144012 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : lxml vulnerability (USN-4666-1) | Nessus | Ubuntu Local Security Checks | medium |
143308 | Debian DLA-2467-2 : lxml regression update | Nessus | Debian Local Security Checks | medium |