Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.3.3-1ubuntu0.1", "binary_name": "python-lxml" }, { "binary_version": "3.3.3-1ubuntu0.1", "binary_name": "python-lxml-dbg" }, { "binary_version": "3.3.3-1ubuntu0.1", "binary_name": "python-lxml-doc" }, { "binary_version": "3.3.3-1ubuntu0.1", "binary_name": "python3-lxml" }, { "binary_version": "3.3.3-1ubuntu0.1", "binary_name": "python3-lxml-dbg" } ] }