Security Advisory

CVE-2014-3146

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-05-14 19:00:00

Last updated 2025-12-17 21:03:02

Assigner redhat

State PUBLISHED

Description

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

← Browse all CVEs View on cve.org ↗