CVE-2019-16222

Опубликовано: 11 сент. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

Ссылки

https://core.trac.wordpress.org/changeset/45997
Patch
Vendor Advisory
https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/8
Mailing List
Third Party Advisory
https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
Release Notes
Vendor Advisory
https://wpvulndb.com/vulnerabilities/9867
Exploit
Third Party Advisory
https://www.debian.org/security/2020/dsa-4599
Third Party Advisory
https://www.debian.org/security/2020/dsa-4677
Third Party Advisory
https://core.trac.wordpress.org/changeset/45997
Patch
Vendor Advisory
https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/8
Mailing List
Third Party Advisory
https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
Release Notes
Vendor Advisory
https://wpvulndb.com/vulnerabilities/9867
Exploit
Third Party Advisory
https://www.debian.org/security/2020/dsa-4599
Third Party Advisory
https://www.debian.org/security/2020/dsa-4677
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Версия до 5.2.3 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02638

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-16222

CVSS3: 6.1

ubuntu

почти 6 лет назад

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

CVE-2019-16222

CVSS3: 6.1

debian

почти 6 лет назад

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...

GHSA-j28g-8c73-vhw9

CVSS3: 6.1

github

около 3 лет назад

WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.

BDU:2020-01941

CVSS3: 6.1

fstec

почти 6 лет назад

Уязвимость функции wp_kses_bad_protocol_once системы управления содержимым сайта WordPress, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 85%

0.02638

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79