Skip to content
This repository was archived by the owner on Jan 25, 2022. It is now read-only.
This repository was archived by the owner on Jan 25, 2022. It is now read-only.

[Bug reporting] XSS vulnerabilty in wp_kses_bad_protocol in wp-includes/kses.php (CVE-2019-20041) #589

Open
Open
[Bug reporting] XSS vulnerabilty in wp_kses_bad_protocol in wp-includes/kses.php (CVE-2019-20041)#589
@seongil-wi

Description

@seongil-wi
seongil-wi
opened on Sep 11, 2021

Hi

I found a known XSS vulnerability in the recent version of wplib-box.
In particular, the bug we report is a known bug by CVE-2019-20041.

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.

Please check this line:

wplib-box/www/wp-includes/kses.php

Line 1325 in bf595c7

$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions