CVE-2019-16222

Опубликовано: 11 сент. 2019

Источник: debian

EPSS Низкий

Описание

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wordpress	fixed	5.2.3+dfsg1-1		package
wordpress	fixed	4.7.5+dfsg-2+deb9u6	stretch	package

Примечания

https://core.trac.wordpress.org/changeset/45997
https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68

EPSS

Процентиль: 85%

0.02638

Низкий

Связанные уязвимости

CVE-2019-16222

CVSS3: 6.1

ubuntu

почти 6 лет назад

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

CVE-2019-16222

CVSS3: 6.1

nvd

почти 6 лет назад

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

GHSA-j28g-8c73-vhw9

CVSS3: 6.1

github

около 3 лет назад

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

BDU:2020-01941

CVSS3: 6.1

fstec

почти 6 лет назад

Уязвимость функции wp_kses_bad_protocol_once системы управления содержимым сайта WordPress, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 85%

0.02638

Низкий