ALT-PU-2021-1429-2

Package update python3-module-lxml in branch sisyphus

Version4.6.2-alt1

Published2026-02-04

Max severityMEDIUM

Severity:

Closed issues (3)

MEDIUM6.1

Уязвимость модуля clean библиотеки для обработки разметки XML и HTML Lxml, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Published: 2021-07-15Modified: 2025-11-26

CVSS 3.xMEDIUM 6.1

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

References

CVE-2020-27783

MEDIUM6.1

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

Published: 2020-12-03Modified: 2025-12-17

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

GHSA-pgww-xf46-h92r

MEDIUM5.3

lxml vulnerable to Cross-site Scripting

Published: 2021-01-08Modified: 2025-12-20

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS 4.0MEDIUM 5.3

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

References