Security Advisories
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVEs affecting projects tracked on Release Alert, from NVD & OSV.
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.