Vulnerability-Lookup

CVE-2026-28350 (GCVE-0-2026-28350)

Vulnerability from cvelistv5 – Published: 2026-03-05 19:49 – Updated: 2026-03-06 17:05

Title

lxml_html_clean: <base> tag injection through default Cleaner configuration

Summary

lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-116 - Improper Encoding or Escaping of Output

Assigner

GitHub_M

References

URL

Tags

	https://github.com/fedora-python/lxml_html_clean/…	x_refsource_CONFIRM
	https://github.com/fedora-python/lxml_html_clean/…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	fedora-python	lxml_html_clean	Affected: < 0.4.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28350",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T17:05:07.014572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T17:05:13.841Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lxml_html_clean",
          "vendor": "fedora-python",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the \u003cbase\u003e tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for \u003cbase\u003e, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T19:49:55.662Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"
        },
        {
          "name": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34"
        }
      ],
      "source": {
        "advisory": "GHSA-xvp8-3mhv-424c",
        "discovery": "UNKNOWN"
      },
      "title": "lxml_html_clean: \u003cbase\u003e tag injection through default Cleaner configuration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28350",
    "datePublished": "2026-03-05T19:49:55.662Z",
    "dateReserved": "2026-02-26T18:38:13.890Z",
    "dateUpdated": "2026-03-06T17:05:13.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-28350\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-05T20:16:16.333\",\"lastModified\":\"2026-03-09T20:55:26.037\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the \u003cbase\u003e tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for \u003cbase\u003e, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.\"},{\"lang\":\"es\",\"value\":\"lxml_html_clean es un proyecto para funcionalidades de limpieza de HTML copiadas de \u0027lxml.html.clean\u0027. Antes de la versi\u00f3n 0.4.4, la etiqueta  pasa a trav\u00e9s de la configuraci\u00f3n predeterminada de Cleaner. Aunque page_structure=True elimina las etiquetas html, head y title, no hay un manejo espec\u00edfico para , permitiendo a un atacante inyectarla y secuestrar enlaces relativos en la p\u00e1gina. Este problema ha sido parcheado en la versi\u00f3n 0.4.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoralovespython:lxml_html_clean:*:*:*:*:*:python:*:*\",\"versionEndExcluding\":\"0.4.4\",\"matchCriteriaId\":\"A0BBE70C-C635-4143-83FD-87D7D95B37DD\"}]}]}],\"references\":[{\"url\":\"https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-28350\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-06T17:05:07.014572Z\"}}}], \"references\": [{\"url\": \"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-06T17:04:58.691Z\"}}], \"cna\": {\"title\": \"lxml_html_clean: \u003cbase\u003e tag injection through default Cleaner configuration\", \"source\": {\"advisory\": \"GHSA-xvp8-3mhv-424c\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"fedora-python\", \"product\": \"lxml_html_clean\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.4.4\"}]}], \"references\": [{\"url\": \"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c\", \"name\": \"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34\", \"name\": \"https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the \u003cbase\u003e tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for \u003cbase\u003e, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-116\", \"description\": \"CWE-116: Improper Encoding or Escaping of Output\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-05T19:49:55.662Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-28350\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-06T17:05:13.841Z\", \"dateReserved\": \"2026-02-26T18:38:13.890Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-05T19:49:55.662Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

OPENSUSE-SU-2026:20345-1

Vulnerability from csaf_opensuse - Published: 2026-03-11 18:05 - Updated: 2026-03-11 18:05

Summary

Security update for python-lxml_html_clean

Notes

Title of the patch

Security update for python-lxml_html_clean

Description of the patch

This update for python-lxml_html_clean fixes the following issues: Changes in python-lxml_html_clean: - CVE-2026-28348: improper keywords checking can allow external CSS loading (bsc#1259378) - CVE-2026-28350: lack of base tag handling can allow the hijacking of the resolution of relative URLs (bsc#1259379)

Patchnames

openSUSE-Leap-16.0-packagehub-157

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for python-lxml_html_clean",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for python-lxml_html_clean fixes the following issues:\n\nChanges in python-lxml_html_clean:\n\n- CVE-2026-28348: improper keywords checking can allow external CSS loading (bsc#1259378)\n- CVE-2026-28350: lack of base tag handling can allow the hijacking of the resolution of relative URLs (bsc#1259379)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-packagehub-157",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20345-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259378",
        "url": "https://bugzilla.suse.com/1259378"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259379",
        "url": "https://bugzilla.suse.com/1259379"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-28348 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-28348/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-28350 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-28350/"
      }
    ],
    "title": "Security update for python-lxml_html_clean",
    "tracking": {
      "current_release_date": "2026-03-11T18:05:18Z",
      "generator": {
        "date": "2026-03-11T18:05:18Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:20345-1",
      "initial_release_date": "2026-03-11T18:05:18Z",
      "revision_history": [
        {
          "date": "2026-03-11T18:05:18Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python313-lxml_html_clean-0.4.2-bp160.2.1.noarch",
                "product": {
                  "name": "python313-lxml_html_clean-0.4.2-bp160.2.1.noarch",
                  "product_id": "python313-lxml_html_clean-0.4.2-bp160.2.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-lxml_html_clean-0.4.2-bp160.2.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:python313-lxml_html_clean-0.4.2-bp160.2.1.noarch"
        },
        "product_reference": "python313-lxml_html_clean-0.4.2-bp160.2.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-28348",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-28348"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression() filters, allowing external CSS loading or XSS in older browsers. This issue has been patched in version 0.4.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:python313-lxml_html_clean-0.4.2-bp160.2.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-28348",
          "url": "https://www.suse.com/security/cve/CVE-2026-28348"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259378 for CVE-2026-28348",
          "url": "https://bugzilla.suse.com/1259378"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:python313-lxml_html_clean-0.4.2-bp160.2.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-11T18:05:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-28348"
    },
    {
      "cve": "CVE-2026-28350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-28350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the \u003cbase\u003e tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for \u003cbase\u003e, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:python313-lxml_html_clean-0.4.2-bp160.2.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-28350",
          "url": "https://www.suse.com/security/cve/CVE-2026-28350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259379 for CVE-2026-28350",
          "url": "https://bugzilla.suse.com/1259379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:python313-lxml_html_clean-0.4.2-bp160.2.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-11T18:05:18Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-28350"
    }
  ]
}

FKIE_CVE-2026-28350

Vulnerability from fkie_nvd - Published: 2026-03-05 20:16 - Updated: 2026-03-09 20:55

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34	Patch
security-advisories@github.com	https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c	Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	fedoralovespython	lxml_html_clean	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoralovespython:lxml_html_clean:*:*:*:*:*:python:*:*",
              "matchCriteriaId": "A0BBE70C-C635-4143-83FD-87D7D95B37DD",
              "versionEndExcluding": "0.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the \u003cbase\u003e tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for \u003cbase\u003e, allowing an attacker to inject it and hijack relative links on the page. This issue has been patched in version 0.4.4."
    },
    {
      "lang": "es",
      "value": "lxml_html_clean es un proyecto para funcionalidades de limpieza de HTML copiadas de \u0027lxml.html.clean\u0027. Antes de la versi\u00f3n 0.4.4, la etiqueta  pasa a trav\u00e9s de la configuraci\u00f3n predeterminada de Cleaner. Aunque page_structure=True elimina las etiquetas html, head y title, no hay un manejo espec\u00edfico para , permitiendo a un atacante inyectarla y secuestrar enlaces relativos en la p\u00e1gina. Este problema ha sido parcheado en la versi\u00f3n 0.4.4."
    }
  ],
  "id": "CVE-2026-28350",
  "lastModified": "2026-03-09T20:55:26.037",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-05T20:16:16.333",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-XVP8-3MHV-424C

Vulnerability from github – Published: 2026-03-02 19:35 – Updated: 2026-03-05 22:49

Summary

lxml-html-clean has <base> tag injection through default Cleaner configuration

Details

Summary

The <base> tag passes through the default Cleaner configuration. While page_structure=True removes html, head, and title tags, there is no specific handling for <base>, allowing an attacker to inject it and hijack relative links on the page.

Details

The <base> tag is not currently in the page_structure kill set. Even though the specification says <base> must be inside <head>, browsers accept <base> tags outside of the head.

If an attacker injects a <base> tag, it changes the base URL for all relative URLs on the page (links, images, scripts) to a domain controlled by the attacker.

PoC

from lxml_html_clean import clean_html

# The base tag is preserved in the output
result = clean_html('<base href="http://evil.com/"><a href="/account">Account</a>')
print(result)
# Output: <div><base href="http://evil.com/">...<a href="/account">Account</a></div>

Impact

The injection of a <base> tag allows an attacker to hijack the resolution of all relative URLs on the page. This results in three critical attack vectors:

Phishing & Redirection: Attackers can redirect user navigation (e.g., <a href="/login">) and form submissions (e.g., <form action="/auth">) to an attacker-controlled domain, effectively stealing credentials or sensitive data without the user realizing they have left the legitimate site.
Cross-Site Scripting (XSS): If the victim application loads JavaScript files using relative paths (e.g., <script src="assets/app.js">), the browser will attempt to fetch the script from the attacker's domain. This upgrades the vulnerability from HTML injection to full Stored XSS.
Defacement: Relative references to images (<img>) and stylesheets (<link>) will be loaded from the attacker's server, allowing for UI redressing or defacement.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.4.3"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "lxml-html-clean"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-28350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-02T19:35:52Z",
    "nvd_published_at": "2026-03-05T20:16:16Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe `\u003cbase\u003e` tag passes through the default `Cleaner` configuration. While `page_structure=True` removes `html`, `head`, and `title` tags, there is no specific handling for `\u003cbase\u003e`, allowing an attacker to inject it and hijack relative links on the page.\n\n### Details\nThe `\u003cbase\u003e` tag is not currently in the `page_structure` kill set. Even though the specification says `\u003cbase\u003e` must be inside `\u003chead\u003e`, browsers accept `\u003cbase\u003e` tags outside of the head.\n\nIf an attacker injects a `\u003cbase\u003e` tag, it changes the base URL for all relative URLs on the page (links, images, scripts) to a domain controlled by the attacker.\n\n### PoC\n```python\nfrom lxml_html_clean import clean_html\n\n# The base tag is preserved in the output\nresult = clean_html(\u0027\u003cbase href=\"http://evil.com/\"\u003e\u003ca href=\"/account\"\u003eAccount\u003c/a\u003e\u0027)\nprint(result)\n# Output: \u003cdiv\u003e\u003cbase href=\"http://evil.com/\"\u003e...\u003ca href=\"/account\"\u003eAccount\u003c/a\u003e\u003c/div\u003e\n```\n\n### Impact\nThe injection of a `\u003cbase\u003e` tag allows an attacker to hijack the resolution of **all** relative URLs on the page. This results in three critical attack vectors:\n\n1.  **Phishing \u0026 Redirection:** Attackers can redirect user navigation (e.g., `\u003ca href=\"/login\"\u003e`) and form submissions (e.g., `\u003cform action=\"/auth\"\u003e`) to an attacker-controlled domain, effectively stealing credentials or sensitive data without the user realizing they have left the legitimate site.\n2.  **Cross-Site Scripting (XSS):** If the victim application loads JavaScript files using relative paths (e.g., `\u003cscript src=\"assets/app.js\"\u003e`), the browser will attempt to fetch the script from the attacker\u0027s domain. This upgrades the vulnerability from HTML injection to full Stored XSS.\n3.  **Defacement:** Relative references to images (`\u003cimg\u003e`) and stylesheets (`\u003clink\u003e`) will be loaded from the attacker\u0027s server, allowing for UI redressing or defacement.",
  "id": "GHSA-xvp8-3mhv-424c",
  "modified": "2026-03-05T22:49:24Z",
  "published": "2026-03-02T19:35:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28350"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fedora-python/lxml_html_clean"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "lxml-html-clean has \u003cbase\u003e tag injection through default Cleaner configuration"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-28350 (GCVE-0-2026-28350)

OPENSUSE-SU-2026:20345-1

FKIE_CVE-2026-28350

GHSA-XVP8-3MHV-424C

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature