CVE-2014-3146

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-3146
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://advisories.mageia.org/MGASA-2014-0218.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
http://lxml.de/3.3/changes-3.3.5.html
http://seclists.org/fulldisclosure/2014/Apr/210
http://seclists.org/fulldisclosure/2014/Apr/319 Exploit
http://secunia.com/advisories/58013 Vendor Advisory
http://secunia.com/advisories/58744
http://secunia.com/advisories/59008
http://www.debian.org/security/2014/dsa-2941
http://www.mandriva.com/security/advisories?name=MDVSA-2015:112
http://www.openwall.com/lists/oss-security/2014/05/09/7
http://www.securityfocus.com/bid/67159 Exploit
http://www.ubuntu.com/usn/USN-2217-1
https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html Exploit
http://advisories.mageia.org/MGASA-2014-0218.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
http://lxml.de/3.3/changes-3.3.5.html
http://seclists.org/fulldisclosure/2014/Apr/210
http://seclists.org/fulldisclosure/2014/Apr/319 Exploit
http://secunia.com/advisories/58013 Vendor Advisory
http://secunia.com/advisories/58744
http://secunia.com/advisories/59008
http://www.debian.org/security/2014/dsa-2941
http://www.mandriva.com/security/advisories?name=MDVSA-2015:112
http://www.openwall.com/lists/oss-security/2014/05/09/7
http://www.securityfocus.com/bid/67159 Exploit
http://www.ubuntu.com/usn/USN-2217-1
https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:lxml:lxml:*:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.5:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.6:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.7:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.8:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.9:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.0:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1:alpha1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1:beta1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1:beta2:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1:beta3:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2:-:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2:alpha1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2:beta1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2:beta2:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2:beta3:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2:beta4:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3:-:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3:alpha2:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3:beta1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.0:-:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.1:beta1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.0:-:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.0:beta3:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.0:beta4:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:lxml:lxml:3.3.3:*:*:*:*:*:*:*
History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () http://advisories.mageia.org/MGASA-2014-0218.html - () http://advisories.mageia.org/MGASA-2014-0218.html -
References () http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html - () http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html -
References () http://lxml.de/3.3/changes-3.3.5.html - () http://lxml.de/3.3/changes-3.3.5.html -
References () http://seclists.org/fulldisclosure/2014/Apr/210 - () http://seclists.org/fulldisclosure/2014/Apr/210 -
References () http://seclists.org/fulldisclosure/2014/Apr/319 - Exploit () http://seclists.org/fulldisclosure/2014/Apr/319 - Exploit
References () http://secunia.com/advisories/58013 - Vendor Advisory () http://secunia.com/advisories/58013 - Vendor Advisory
References () http://secunia.com/advisories/58744 - () http://secunia.com/advisories/58744 -
References () http://secunia.com/advisories/59008 - () http://secunia.com/advisories/59008 -
References () http://www.debian.org/security/2014/dsa-2941 - () http://www.debian.org/security/2014/dsa-2941 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2015:112 - () http://www.mandriva.com/security/advisories?name=MDVSA-2015:112 -
References () http://www.openwall.com/lists/oss-security/2014/05/09/7 - () http://www.openwall.com/lists/oss-security/2014/05/09/7 -
References () http://www.securityfocus.com/bid/67159 - Exploit () http://www.securityfocus.com/bid/67159 - Exploit
References () http://www.ubuntu.com/usn/USN-2217-1 - () http://www.ubuntu.com/usn/USN-2217-1 -
References () https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html - Exploit () https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html - Exploit
Information

Published : 2014-05-14 19:55

Updated : 2024-11-21 02:07

NVD link : CVE-2014-3146

Mitre link : CVE-2014-3146

CVE.ORG link : CVE-2014-3146

JSON object : View

Products Affected

lxml

  • lxml
CWE
NVD-CWE-Other