XSS Vulnerability in Python-lxml's Clean Module Affecting Red Hat and Debian
CVE-2020-27783

6.1 MEDIUM

Key Information:

Vendor: Lxml
CVE Published: 3 December 2020

What is CVE-2020-27783?

A Cross-Site Scripting (XSS) vulnerability was identified in the clean module of Python-lxml. The vulnerability arises because the module's parser does not accurately mimic browser behavior, so the sanitizer and the browser rendering the user's page can interpret the same markup differently. An attacker could exploit this flaw to inject and execute arbitrary HTML or JavaScript code on the affected web pages, posing significant security risks to users.

Affected Version(s)

python-lxml lxml-4.6.2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
