CVE-2014-3146
Description
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
4.268
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-3146 are fixed in Python-lxml 3.3.5 | Windows |
| pythonic binding for the libxml2 and libxslt libraries (USN-2217-1) python-lxml_3.3.3-1ubuntu0.2_i386.deb | Linux |
| pythonic binding for the libxml2 and libxslt libraries (USN-2217-1) python-lxml_3.3.3-1ubuntu0.2_amd64.deb | Linux |
| pythonic binding for the libxml2 and libxslt libraries (USN-2217-1) python3-lxml_3.3.3-1ubuntu0.2_i386.deb | Linux |
| pythonic binding for the libxml2 and libxslt libraries (USN-2217-1) python3-lxml_3.3.3-1ubuntu0.2_amd64.deb | Linux |
| Vulnerabilities CVE-2014-3146 are fixed in Python-lxml for linux 3.3.5 | Linux |
| CVE-2014-3146 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234