CVE-2020-27783

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-27783

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27783.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-27783

Aliases

Downstream

ALPINE-CVE-2020-27783

DEBIAN-CVE-2020-27783

DLA-2467-1

DSA-4810-1

OESA-2021-1068

RHSA-2021:1761

RHSA-2021:1879

RHSA-2021:1898

RHSA-2021:3254

SUSE-FU-2022:0444-1

SUSE-FU-2022:0445-1

SUSE-SU-2022:0803-1

SUSE-SU-2022:0895-1

SUSE-SU-2022:1729-1

SUSE-SU-2022:3460-1

SUSE-SU-2022:3461-1

SUSE-SU-2022:3836-1

UBUNTU-CVE-2020-27783

USN-4666-1

USN-4666-2

openSUSE-SU-2022:0803-1

openSUSE-SU-2024:11236-1

Related

Published

2020-12-03T17:15:13Z

Modified

2025-08-09T20:01:26Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

References

Affected packages