CVE-2020-27783: Cross-site Scripting
An XSS vulnerability was discovered in the Python lxml clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.