Oval Definition:oval:com.ubuntu.xenial:def:2018197870000000
Revision Date:2018-12-02Version:1
Title:CVE-2018-19787 on Ubuntu 16.04 LTS (xenial) - medium.
Description:An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-19787
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND lxml package in xenial was vulnerable but has been fixed (note: '3.5.0-1ubuntu0.1').
    • BACK