Wind River Support Network

Fixed

CGP6-473 : Security Advisory - python-lxml - CVE-2014-3146

Created: Jun 2, 2014    Updated: Mar 11, 2016
Resolved Date: Jun 17, 2014
Found In Version: 6.0.0.9
Fix Version: 6.0.0.9
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

Per: http://cwe.mitre.org/data/definitions/184.html

CWE-184: Incomplete Blacklist

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3146
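
The weakness class described above, as an added illustration that is not lxml's code and not part of the advisory: a blacklist check on the raw link value beside a check that removes control characters and then allows only known schemes. All names and sample links are constructed; the example assumes, per the WHATWG URL parsing rules, that browsers discard tabs, newlines and leading control characters when reading a scheme.

```python
import re

# Hypothetical names throughout; a simplified model, not lxml's implementation.
BLOCKED_SCHEMES = ("javascript:", "vbscript:")    # blacklist (CWE-184 pattern)
ALLOWED_SCHEMES = {"http", "https", "mailto"}     # allowlist

# C0 control characters, space and DEL.
_CONTROL_OR_SPACE = re.compile(r"[\x00-\x20\x7f]")
# A URL scheme: a letter, then letters, digits, "+", "." or "-", then ":".
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")


def naive_is_safe(href: str) -> bool:
    """Blacklist match on the raw value: misses schemes split by control chars."""
    return not href.strip().lower().startswith(BLOCKED_SCHEMES)


def hardened_is_safe(href: str) -> bool:
    """Normalise first, then accept only allowlisted schemes or relative links."""
    cleaned = _CONTROL_OR_SPACE.sub("", href).lower()
    match = _SCHEME.match(cleaned)
    if match is None:
        return True                      # no scheme: relative link
    return match.group(1) in ALLOWED_SCHEMES


def compare(samples):
    """Return (repr(link), naive verdict, hardened verdict) for each sample."""
    return [(repr(s), naive_is_safe(s), hardened_is_safe(s)) for s in samples]


# Constructed sample links.
SAMPLES = [
    "https://example.com/",
    "/docs/index.html",
    "javascript:void(0)",
    "java\tscript:void(0)",      # tab inside the scheme
    "\x01javascript:void(0)",    # leading control character
]

if __name__ == "__main__":
    for link, naive, hardened in compare(SAMPLES):
        print(f"{link:32} naive={naive!s:5} hardened={hardened}")
```
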