CVE-2019-20041

2019-12-27T08:15:00
ID CVE-2019-20041
Type cve
Reporter cve@mitre.org
Modified 2020-01-08T12:15:00

Description

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.