A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "python3-lxml-dbg": "3.3.3-1ubuntu0.2+esm2", "python-lxml": "3.3.3-1ubuntu0.2+esm2", "python-lxml-dbg": "3.3.3-1ubuntu0.2+esm2", "python-lxml-dbgsym": "3.3.3-1ubuntu0.2+esm2", "python-lxml-doc": "3.3.3-1ubuntu0.2+esm2", "python3-lxml": "3.3.3-1ubuntu0.2+esm2", "python3-lxml-dbgsym": "3.3.3-1ubuntu0.2+esm2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-lxml": "3.5.0-1ubuntu0.3", "python3-lxml-dbg": "3.5.0-1ubuntu0.3", "python-lxml-doc": "3.5.0-1ubuntu0.3", "python3-lxml": "3.5.0-1ubuntu0.3", "python-lxml-dbg": "3.5.0-1ubuntu0.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-lxml": "4.2.1-1ubuntu0.3", "python3-lxml-dbg": "4.2.1-1ubuntu0.3", "python-lxml-doc": "4.2.1-1ubuntu0.3", "python3-lxml": "4.2.1-1ubuntu0.3", "python-lxml-dbg": "4.2.1-1ubuntu0.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-lxml": "4.5.0-1ubuntu0.2", "python3-lxml-dbg": "4.5.0-1ubuntu0.2", "python-lxml-doc": "4.5.0-1ubuntu0.2", "python3-lxml": "4.5.0-1ubuntu0.2", "python-lxml-dbg": "4.5.0-1ubuntu0.2" } ] }