PT-2020-6224 · Lxml+8 · Python-Lxml+8

Yaniv Nizry · Published 2020-10-18 · Updated 2025-12-17 · CVE-2020-27783

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: python-lxml (affected versions not specified)

Description: An XSS vulnerability was discovered in python-lxml's clean module. The module's parser did not properly imitate browsers, so the sanitizer and the user's page handled the same markup differently. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS


Weakness Enumeration

Related Identifiers

ALSA-2021:1761
ALSA-2021:1879
ALT-PU-2021-1429
AZL-6807
BDU:2021-03620
CESA-2021_1761
CESA-2021_1879
CESA-2021_1898
CVE-2020-27783
DLA-2467-1
DLA-2467-2
DSA-4810-1
DSA-4810-2
GHSA-PGWW-XF46-H92R
MGASA-2021-0038
OESA-2021-1068
OPENSUSE-SU-2022:0803-1
OPENSUSE-SU-2022_0803-1
OPENSUSE-SU-2022_3836-1
OPENSUSE-SU-2024:11236-1
PYSEC-2020-62
RHSA-2021:1761
RHSA-2021:1879
RHSA-2021:1898
RHSA-2021:3254
RHSA-2021_1761
RHSA-2021_1879
RHSA-2021_1898
RLSA-2021:1761
RLSA-2021:1879
RLSA-2021:1898
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2022:0803-1
SUSE-SU-2022:0895-1
SUSE-SU-2022:1729-1
SUSE-SU-2022:3460-1
SUSE-SU-2022:3461-1
SUSE-SU-2022:3836-1
SUSE-SU-2022_3460-1
SUSE-SU-2022_3461-1
USN-4666-1
USN-4666-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
python-lxml