CVE-2014-3146

Medium

6.1/10

Summary

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

References

Advisory Timeline

Published May 14, 2014

CVE-2014-3146

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS