{"id":"PYSEC-2020-62","details":"An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, so the sanitizer and the browser rendering the user's page could interpret the same markup differently. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.","aliases":["CVE-2020-27783","GHSA-pgww-xf46-h92r"],"modified":"2023-11-01T05:44:40.663437Z","published":"2020-12-03T17:15:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901633"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4810"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/"},{"type":"ADVISORY","url":"https://advisory.checkmarx.net/advisory/CX-2020-4286"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-pgww-xf46-h92r"}],"affected":[{"package":{"name":"lxml","ecosystem":"PyPI","purl":"pkg:pypi/lxml"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.2"},{"fixed":"4.6.2"}]}],"versions":["1.2","1.2.1","1.3beta","1.3","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","2.0alpha1","2.0alpha2","2.0alpha3","2.0alpha4","2.0alpha5","2.0alpha6","2.0beta1","2.0beta2","2.0","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0.10","2.0.11","2.1alpha1","2.1beta1","2.1beta2","2.1beta3","2.1","2.1.1","2.1.2","2.1.3","2.1.4","2.1.5","2.2alpha1","2.2beta1","2.2beta2","2.2beta3","2.2beta4","2.2","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.3alpha1","2.3alpha2","2.3beta1","2.3","2.3.1","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","3.0","3.0.1","3.0.2","3.1beta1","3.1.0","3.1.1","3.1.2","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2
.5","3.3.0beta1","3.3.0beta2","3.3.0beta3","3.3.0beta4","3.3.0beta5","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.4.0","3.4.1","3.4.2","3.4.3","3.4.4","3.5.0b1","3.5.0","3.6.0","3.6.1","3.6.2","3.6.3","3.6.4","3.7.0","3.7.1","3.7.2","3.7.3","3.8.0","4.0.0","4.1.0","4.1.1","4.2.0","4.2.1","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.4.0","4.4.1","4.4.2","4.4.3","4.5.0","4.5.1","4.5.2","4.6.0","4.6.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/lxml/PYSEC-2020-62.yaml"}}],"schema_version":"1.7.3"}