Skip to main content

Lxml

6 CVEs product

Monthly

CVE-2022-2309 PyPI HIGH POC PATCH This Week

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Lxml Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-43818 PyPI HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
2.5%
CVE-2021-28957 PyPI MEDIUM POC PATCH This Month

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XSS Lxml Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
6.1
EPSS
4.0%
CVE-2020-27783 PyPI MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml Software Collections Enterprise Linux +5
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2018-19787 PyPI MEDIUM PATCH This Month

An issue was discovered in lxml before 4.2.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Lxml Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2014-3146 PyPI MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Lxml
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.3%
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Lxml +1
NVD GitHub
EPSS 2% CVSS 7.1
HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml +10
NVD GitHub
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XSS Lxml +4
NVD GitHub
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml +7
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in lxml before 4.2.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Lxml Debian Linux +1
NVD GitHub
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Lxml
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy