CVE-2020-27783 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | A cross-site scripting vulnerability was discovered in python-lxml's clean module before version 4.6.2. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1319 | python-lxml | 4.6.1-3 | 4.6.2-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 05 Dec 2020 | ASA-202012-1 | AVG-1319 | python-lxml | Medium | cross-site scripting |
| References |
|---|
https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7 |