The following security advisory was posted to the Web App Sec mailing list. It concerns weaknesses discovered in kses, a PHP HTML/XHTML filter, which affect some public CMSs such as WordPress, Moodle, Drupal, Dokeos, Geeklog, etc.
Here's a short excerpt from it (taken from the webappsec.org mailing list):
During internal code review performed by Allegro.pl, some weaknesses
were discovered in kses - PHP HTML/XHTML filter. HTML filters using or
based on kses are part of many popular projects, including WordPress,
Moodle, Drupal, eGroupWare, Dokeos, PHP-Nuke, Geeklog and others. Issues
found range from cross-site scripting to code execution, depending on
implementation.
























