Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Oracle HTTP Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-43818 - Vulnerability Database
Oracle HTTP Server

Oracle HTTP Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-43818

High
Reference: CVE-2021-43818
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43818
Title: Oracle HTTP Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5 the HTML Cleaner in lxml.html lets certain crafted script content pass through as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.