Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2830)

Information

Severity

Severity

Medium

Family

Family

Huawei EulerOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

2 years ago

Modified

Modified

2 years ago

Summary

The remote host is missing an update for the Huawei EulerOS 'python-lxml' package(s) announced via the EulerOS-SA-2021-2830 advisory.

Insight

Insight

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.(CVE-2021-28957)

Affected Software

Affected Software

'python-lxml' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

Please install the updated package(s).

Common Vulnerabilities and Exposures (CVE)