EIQ-2019-0001
|
ID |
EIQ-2019-0001 |
|
CVE |
|
|
Description |
lxml could allow cross-site scripting (XSS) attacks |
|
Date |
04 Feb 2019 |
|
Severity |
2 - MEDIUM |
|
CVSSv3 score |
6.1 |
|
Status |
|
|
Assessment |
An issue was discovered in the lxml Python library versions 4.2.4 and earlier. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping. This makes it possible for a remote attacker to conduct XSS attacks. This is a similar issue to CVE-2014-3146. |
|
Mitigation |
EclecticIQ Platform is not affected. |
|
Affected versions |
None |
|
Notes |
Neither EclecticIQ Platform nor its dependencies use lxml.html.clean(). |
2.3.4< Back to all security issues and mitigation actions
In release notes 2.3.4