7 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-16223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 allows XSS in post previews by authenticated users. CVE-2019-16223 Note that Nessus relies on the presence of the package as reported by...
WordPress Core Cross Site Scripting (CVE-2019-16223)
A cross site scripting vulnerability exists in WordPress Core. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Wordpress Core 5.2.2 - 'post previews' XSS
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
WordPress Core 5.2.2 Cross Site Scripting
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
[SECURITY] [DSA 4599-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq -...
UBUNTU-CVE-2019-16223
WordPress before 5.2.3 allows XSS in post previews by authenticated users...
CVE-2019-16223
WordPress Core prior to 5.2.3 is vulnerable to an XSS in post previews when accessed by authenticated users. The root cause involves wp_kses_bad_protocol_once() URL sanitization, which in affected versions can be bypassed via crafted input, enabling arbitrary script execution in the user’s browse...