{"id":"CVE-2020-27783","details":"An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, so the sanitizer and the browser rendering the user's page could interpret the same markup differently. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.","aliases":["GHSA-pgww-xf46-h92r","PYSEC-2020-62"],"modified":"2026-03-15T22:35:33.661230Z","published":"2020-12-03T17:15:13.177Z","related":["ALSA-2021:1761","ALSA-2021:1879","MGASA-2021-0038","SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","SUSE-SU-2022:0803-1","SUSE-SU-2022:0895-1","SUSE-SU-2022:1729-1","SUSE-SU-2022:3460-1","SUSE-SU-2022:3461-1","SUSE-SU-2022:3836-1","openSUSE-SU-2022:0803-1","openSUSE-SU-2024:11236-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210521-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4810"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901633"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"EVIDENCE","url":"https://advisory.checkmarx.net/advisory/CX-2020-4286"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27783.json","unresolved_ranges":[{"events":[{"introduced":"1.2"},{"fixed":"4.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_a
ffected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}