Back to search
CVE-2020-27783
Published: Dec 3, 2020
Modified: Dec 17, 2025
PUBLISHED
Description
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
| Vendor | Product | Versions |
|---|---|---|
n/a | python-lxml | affected lxml-4.6.2 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1901633
x_refsource_MISC
DSA-4810
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20201218 [SECURITY] [DLA 2467-2] lxml regression update
mailing-list
x_refsource_MLIST
FEDORA-2020-0e055ea503
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-307946cfb6
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://advisory.checkmarx.net/advisory/CX-2020-4286
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210521-0003/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now