5 matches found
[SECURITY] [DSA 4599-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq -...
CVE-2019-20041
wpksesbadprotocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...
CVE-2019-20041
wpksesbadprotocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...
CVE-2019-20041
wpksesbadprotocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring...
CVE-2019-20041
CVE-2019-20041: In WordPress, wp-includes/kses.php mishandles the HTML5 colon named entity (e.g., javascript:), allowing bypass of input sanitization on WordPress versions before 5.3.1. This is triggered by the javascript: substring example and constitutes an input-sanitization bypass in the kses...