Skip to content

[Bug reporting] XSS vulnerabilty in wp_kses_bad_protocol in wp-includes/kses.php (CVE-2019-20041) #433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
seongil-wi opened this issue Sep 11, 2021 · 1 comment
Closed

[Bug reporting] XSS vulnerabilty in wp_kses_bad_protocol in wp-includes/kses.php (CVE-2019-20041) #433

seongil-wi opened this issue Sep 11, 2021 · 1 comment

Comments

@seongil-wi
Copy link

Hi

I found a known XSS vulnerability in the recent version of jquery-wp-content.
In particular, the bug we report is a known bug by CVE-2019-20041.

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.

Please check this line:

jquery-wp-content/plugins/vaultpress/class.vaultpress-hotfixes.php

Line 788 in bb05d9c

$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );

Thanks!
@mgol
Copy link
Member

mgol commented Sep 16, 2021

Please submit security issues to security@jquery.com, not to a public GitHub issue.

Please write an email and we can continue the discussion there.

@mgol mgol closed this as completed Sep 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mgol @seongil-wi