4.3

CVE-2014-3146

Exploit

Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

Data is provided by the National Vulnerability Database (NVD)
LxmlLxml Version <= 3.3.4
LxmlLxml Version0.5
LxmlLxml Version0.5.1
LxmlLxml Version0.6
LxmlLxml Version0.7
LxmlLxml Version0.8
LxmlLxml Version0.9
LxmlLxml Version0.9.1
LxmlLxml Version0.9.2
LxmlLxml Version1.0
LxmlLxml Version1.0.1
LxmlLxml Version1.0.2
LxmlLxml Version1.0.3
LxmlLxml Version1.0.4
LxmlLxml Version1.1
LxmlLxml Version1.1.1
LxmlLxml Version1.1.2
LxmlLxml Version1.2
LxmlLxml Version1.2.1
LxmlLxml Version1.3
LxmlLxml Version1.3.1
LxmlLxml Version1.3.2
LxmlLxml Version1.3.3
LxmlLxml Version1.3.4
LxmlLxml Version1.3.5
LxmlLxml Version1.3.6
LxmlLxml Version2.0
LxmlLxml Version2.0.1
LxmlLxml Version2.0.2
LxmlLxml Version2.0.3
LxmlLxml Version2.0.4
LxmlLxml Version2.0.5
LxmlLxml Version2.0.6
LxmlLxml Version2.0.7
LxmlLxml Version2.0.8
LxmlLxml Version2.0.9
LxmlLxml Version2.0.10
LxmlLxml Version2.0.11
LxmlLxml Version2.1 Updatealpha1
LxmlLxml Version2.1 Updatebeta1
LxmlLxml Version2.1 Updatebeta2
LxmlLxml Version2.1 Updatebeta3
LxmlLxml Version2.1.1
LxmlLxml Version2.1.2
LxmlLxml Version2.1.3
LxmlLxml Version2.1.4
LxmlLxml Version2.2 Update-
LxmlLxml Version2.2 Updatealpha1
LxmlLxml Version2.2 Updatebeta1
LxmlLxml Version2.2 Updatebeta2
LxmlLxml Version2.2 Updatebeta3
LxmlLxml Version2.2 Updatebeta4
LxmlLxml Version2.2.1
LxmlLxml Version2.2.2
LxmlLxml Version2.2.3
LxmlLxml Version2.2.4
LxmlLxml Version2.2.5
LxmlLxml Version2.2.6
LxmlLxml Version2.2.7
LxmlLxml Version2.2.8
LxmlLxml Version2.3 Update-
LxmlLxml Version2.3 Updatealpha1
LxmlLxml Version2.3 Updatealpha2
LxmlLxml Version2.3 Updatebeta1
LxmlLxml Version2.3.1
LxmlLxml Version2.3.2
LxmlLxml Version2.3.3
LxmlLxml Version2.3.4
LxmlLxml Version2.3.5
LxmlLxml Version2.3.6
LxmlLxml Version3.0 Update-
LxmlLxml Version3.0 Updatealpha1
LxmlLxml Version3.0 Updatealpha2
LxmlLxml Version3.0 Updatebeta1
LxmlLxml Version3.0.1
LxmlLxml Version3.0.2
LxmlLxml Version3.1 Updatebeta1
LxmlLxml Version3.1.0
LxmlLxml Version3.1.1
LxmlLxml Version3.1.2
LxmlLxml Version3.2.0
LxmlLxml Version3.2.1
LxmlLxml Version3.2.2
LxmlLxml Version3.2.3
LxmlLxml Version3.2.4
LxmlLxml Version3.2.5
LxmlLxml Version3.3.0 Update-
LxmlLxml Version3.3.0 Updatebeta1
LxmlLxml Version3.3.0 Updatebeta2
LxmlLxml Version3.3.0 Updatebeta3
LxmlLxml Version3.3.0 Updatebeta4
LxmlLxml Version3.3.0 Updatebeta5
LxmlLxml Version3.3.1
LxmlLxml Version3.3.2
LxmlLxml Version3.3.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 8.19% 0.918
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N