CVE-2021-28957

Cross-site Scripting in pypi/lxml

Identifier

CVE-2021-28957

Package Slug

pypi/lxml

Vulnerability

Cross-site Scripting

Description

lxml allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.
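A simplified model of the gap described above, added here as an illustration and not taken from lxml's code: a scrubber that only inspects attributes named in its link-attribute set leaves a script URL in `formaction` untouched until that name is added. The attribute sets, `is_script_url`, `scrub` and the sample markup are constructed for this example.

```python
import html
from html.parser import HTMLParser

# Reduced, constructed stand-ins for a link-attribute allowlist before and
# after the fix; the real defs.link_attrs in lxml contains more names.
LINK_ATTRS_BEFORE = frozenset({"action", "href", "src"})
LINK_ATTRS_AFTER = LINK_ATTRS_BEFORE | {"formaction"}


def is_script_url(value):
    """True if the value, with whitespace/control chars dropped, is a script URL."""
    compact = "".join(ch for ch in value if ch > " ").lower()
    return compact.startswith(("javascript:", "vbscript:"))


class _Scrubber(HTMLParser):
    def __init__(self, link_attrs):
        super().__init__(convert_charrefs=True)
        self.link_attrs = link_attrs
        self.out = []

    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            value = value or ""
            # Only attributes known to carry URLs are checked at all, so an
            # attribute missing from the set bypasses the check entirely.
            if name in self.link_attrs and is_script_url(value):
                value = ""
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))


def scrub(markup, link_attrs):
    scrubber = _Scrubber(link_attrs)
    scrubber.feed(markup)
    scrubber.close()
    return "".join(scrubber.out)


# Constructed sample input.
SAMPLE = ('<form action="javascript:alert(1)">'
          '<button formaction="javascript:alert(1)">go</button></form>')
```

Calling `scrub(SAMPLE, LINK_ATTRS_BEFORE)` blanks `action` but keeps the `formaction` URL, while `scrub(SAMPLE, LINK_ATTRS_AFTER)` blanks both.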

Affected Versions

Version 4.6.2

Solution

Upgrade to version 4.6.3 or above.

Last Modified

2021-03-25
