CVE-2020-27783 - log back

CVE-2020-27783 edited at 03 Dec 2020 23:24:35
Description
- A XSS vulnerability was discovered in python-lxml's clean module before version 4.6.2. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
+ A cross-site scripting vulnerability was discovered in python-lxml's clean module before version 4.6.2. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
CVE-2020-27783 edited at 03 Dec 2020 21:18:31
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ A XSS vulnerability was discovered in python-lxml's clean module before version 4.6.2. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
References
+ https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
Notes
CVE-2020-27783 created at 03 Dec 2020 21:16:18