jquery / jquery-wp-content

WordPress themes and plugins for the jQuery sites
GNU General Public License v2.0
253 stars 169 forks source link

[Bug reporting] XSS vulnerabilty in wp_kses_bad_protocol in wp-includes/kses.php (CVE-2019-20041) #433

Closed seongil-wi closed 3 years ago

seongil-wi commented 3 years ago

Hi

I found a known XSS vulnerability in the recent version of jquery-wp-content. In particular, the bug we report is a known bug by CVE-2019-20041.

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.

Please check this line: https://github.com/jquery/jquery-wp-content/blob/bb05d9c93312d2d7eaf9211fc73dbc6f52fd618c/plugins/vaultpress/class.vaultpress-hotfixes.php#L788

Thanks!

mgol commented 3 years ago

Please submit security issues to security@jquery.com, not to a public GitHub issue.

Please write an email and we can continue the discussion there.