Vulnerability & Exploit Database

Displaying all 2 entries

Results for: CVE-2018-19787 Back to search

Ubuntu: (Multiple Advisories) (CVE-2018-19787): lxml vulnerability Vulnerability

  • Severity: 4
  • Published: December 02, 2018

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

Debian: CVE-2018-19787: lxml -- security update Vulnerability

  • Severity: 4
  • Published: December 02, 2018

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.