VDB

GCVE-110-MAGEIA-2018-497

GCVE-110-MAGEIA-2018-497
Advisory Published
Vulnetix · Advisory published December 31, 2018
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer (CVE-2018-19787).

Affected Products

VendorProductVersionsPlatforms
Mageiapython-lxml0 (affected), 4.2.5-1.mga6 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›