MGASA-2021-0038
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 17 Jan 2021, 16:07
Last modified:16 Apr 2026, 04:25
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Jan 2021, 16:07
Published
Vulnerability first disclosed
16 Apr 2026, 04:25
Last Modified
Vulnerability information updated
Description
Updated python-lxml packages fix a security vulnerability A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. (CVE-2020-27783).
Affected Systems
- mageia•python-lxml
< 4.3.0-1.2.mga7
References (6)
- https://advisories.mageia.org/MGASA-2021-0038.html
- https://bugs.mageia.org/show_bug.cgi?id=27685
- https://www.debian.org/lts/security/2020/dla-2467
- https://ubuntu.com/security/notices/USN-4666-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/