Back to search
CVE-2014-3146
Published: May 14, 2014
Modified: Dec 17, 2025
PUBLISHED
Description
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-2941
vendor-advisory
x_refsource_DEBIAN
http://lxml.de/3.3/changes-3.3.5.html
x_refsource_CONFIRM
[oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw
mailing-list
x_refsource_MLIST
USN-2217-1
vendor-advisory
x_refsource_UBUNTU
[lxml] 20140415 lxml.html.clean vulnerability
mailing-list
x_refsource_MLIST
58744
third-party-advisory
x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0218.html
x_refsource_CONFIRM
67159
vdb-entry
x_refsource_BID
MDVSA-2015:112
vendor-advisory
x_refsource_MANDRIVA
58013
third-party-advisory
x_refsource_SECUNIA
20140415 lxml (python lib) vulnerability
mailing-list
x_refsource_FULLDISC
59008
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2014:0735
vendor-advisory
x_refsource_SUSE
20140430 Re: lxml (python lib) vulnerability
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now