Lucene search
K

5 matches found

Debian
Debian
added 2020/01/08 5:47 a.m.140 views

[SECURITY] [DSA 4599-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq -...

7.5CVSS1.1AI score0.36503EPSS
Exploits9
OSV
OSV
added 2019/12/27 8:15 a.m.41 views

CVE-2019-20041

wpksesbadprotocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...

9.8CVSS6.6AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2019/12/27 8:15 a.m.38 views

CVE-2019-20041

wpksesbadprotocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...

9.8CVSS7.2AI score0.04654EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2019/12/27 7:14 a.m.39 views

CVE-2019-20041

wpksesbadprotocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...

9.8CVSS4.4AI score0.04654EPSS
Exploits1
CVE
CVE
added 2019/12/27 7:14 a.m.414 views

CVE-2019-20041

CVE-2019-20041: In WordPress, wp-includes/kses.php mishandles the HTML5 colon named entity (e.g., javascript:), allowing bypass of input sanitization on WordPress versions before 5.3.1. This is triggered by the javascript: substring example and constitutes an input-sanitization bypass in the kses...

9.8CVSS9.2AI score0.04654EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder