Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug reporting] two XSS vulnerabilties in wp_kses_bad_protocol in ActivateLinks.php and BKActivateLinks.php(CVE-2019-20041) #28

Open
seongil-wi opened this issue Sep 11, 2021 · 0 comments

Comments

@seongil-wi
Copy link

Hi

I found two known XSS vulnerabilities in the recent version of bugkick.
In particular, the bug we report is a known bug by CVE-2019-20041.

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.

Please check this lines:

$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );

$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant