Wind River Support Network

HomeDefectsOVP-1913
Fixed

OVP-1913 : Security Advisory - lxml - CVE-2014-3146

Created: Jun 2, 2014    Updated: Mar 11, 2016
Resolved Date: Sep 23, 2014
Found In Version: 5.0.1
Fix Version: 5.0.1.19,6.0.0.12
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.Per: http://cwe.mitre.org/data/definitions/184.html

CWE-184: Incomplete Blacklist

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3146

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube