Lucene search
MitreCVELIST:CVE-2019-20041HistoryDec 27, 2019 - 7:14 a.m.
CVE-2019-20041
2019-12-2707:14:52
mitre
www.cve.org
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
References
github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
lists.debian.org/debian-lts-announce/2020/01/msg00010.html
seclists.org/bugtraq/2020/Jan/8
wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
www.debian.org/security/2020/dsa-4599
www.debian.org/security/2020/dsa-4677
Related
debiancve
debiancve
CVE-2019-20041
2019-12-27 08:15:09
veracode
veracode
Cross-site Scripting (XSS)
2020-01-22 04:46:10
prion
prion
Input validation
2019-12-27 08:15:00
nessus
nessus
Debian DLA-2067-1 : wordpress security update
2020-01-15 00:00:00
Debian DSA-4599-1 : wordpress - security update
2020-01-09 00:00:00
Debian DSA-4677-1 : wordpress - security update
2020-05-07 00:00:00
ubuntucve
ubuntucve
CVE-2019-20041
2019-12-27 00:00:00
osv
osv
wordpress - security update
2020-01-14 00:00:00
CVE-2019-20041
2019-12-27 08:15:09
wordpress - security update
2020-01-08 00:00:00
nvd
nvd
CVE-2019-20041
2019-12-27 08:15:09
debian
debian
[SECURITY] [DLA 2067-1] wordpress security update
2020-01-14 12:36:45
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
wpexploit
wpexploit
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-12-13 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2067-1)
2020-01-15 00:00:00
Chamilo LMS < 1.11.18 Multiple Vulnerabilities
2022-09-30 00:00:00
WordPress Multiple Vulnerabilities (Dec 2019) - Linux
2019-12-16 00:00:00
wpvulndb
wpvulndb
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-12-13 00:00:00
patchstack
patchstack
WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability
2020-01-06 00:00:00
cve
cve
CVE-2019-20041
2019-12-27 08:15:09