CVE-2026-28348
MED 6.1
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the `_has_sneaky_javascript()` method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the `@import` and `expression()` filters, allowing external CSS loading or XSS in older browsers. This issue has been patched in version 0.4.4.
Affected Applications in Environment: 4
Python: 11 devices
Python vWindows 11 (26.57288.0): 1 device
python v2.7.5-5ubuntu3: 1 device
python v2.7.5-93.el7_9: 1 device
Affected Devices: 14
Brians-Mac-mini.local (Mac)
Kellys-MacBook-Pro-3.local (Mac)
MacBook-Pro.local (Mac)
a00017110-J7TV3C9HW5 (Mac)
a00344487-F622TJW0NM (Mac)
a02235045-MX74HJV2J3 (Mac)
a02265864-LFW93MQ9P7 (Mac)
a02388352-LQ22WMQLKF (Mac)
a02424859-LHV909KCR7 (Mac)
a02456553-G06QD7XKWW (Mac)
a02513954-D2V97K4D2L (Mac)
guru.cluster (Linux)
mac.lan (Mac)
web05 (Linux)