Skip to main content

Lxml Html Clean

3 CVEs product

Monthly

CVE-2026-28350 PyPI MEDIUM POC PATCH This Month

lxml_html_clean versions prior to 0.4.4 fail to sanitize <base> HTML tags, allowing attackers to inject malicious base tags and redirect relative links to attacker-controlled domains. Public exploit code exists for this vulnerability. The issue affects applications using the default Cleaner configuration and has been remediated in version 0.4.4.

XSS Lxml Html Clean Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-28348 PyPI MEDIUM POC PATCH This Month

lxml_html_clean versions before 0.4.4 fail to properly sanitize CSS Unicode escape sequences in the _has_sneaky_javascript() method, allowing attackers to bypass filters and inject malicious @import statements or XSS payloads. Public exploit code exists for this vulnerability, which affects applications using the library for HTML sanitization. A patch is available in version 0.4.4 and should be applied immediately to prevent CSS-based injection attacks.

XSS Lxml Html Clean Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-52595 PyPI MEDIUM PATCH This Month

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Lxml Html Clean
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

lxml_html_clean versions prior to 0.4.4 fail to sanitize <base> HTML tags, allowing attackers to inject malicious base tags and redirect relative links to attacker-controlled domains. Public exploit code exists for this vulnerability. The issue affects applications using the default Cleaner configuration and has been remediated in version 0.4.4.

XSS Lxml Html Clean Suse
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

lxml_html_clean versions before 0.4.4 fail to properly sanitize CSS Unicode escape sequences in the _has_sneaky_javascript() method, allowing attackers to bypass filters and inject malicious @import statements or XSS payloads. Public exploit code exists for this vulnerability, which affects applications using the library for HTML sanitization. A patch is available in version 0.4.4 and should be applied immediately to prevent CSS-based injection attacks.

XSS Lxml Html Clean Suse
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Lxml Html Clean
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy