XSS Exploit in KSES filtered strings (Security issue in elgg 1.5)
Reported by: heyho | Owned by:
An old XSS security issue affecting Kses still affects Elgg.
You can try these proofs of concept via the Elgg search engine.
Also, the kses lib makes many calls to preg_replace() using the modifier /e.
When preg_replace() is called with this modifier, the interpreter will parse the replacement string as PHP code once for every replacement made.
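The /e concern raised in the description, shown as a before/after migration to preg_replace_callback(). This is an added example, not code from Elgg or kses: the pattern, the sample string and the function names normalize_entity() and normalize_entities() are assumptions made for illustration.

```php
<?php
// Constructed example: normalise numeric HTML entities such as &#66;.
// normalize_entity() and normalize_entities() are hypothetical names.

function normalize_entity(string $digits): string
{
    $code = (int) $digits;
    // Printable ASCII becomes an HTML-escaped literal; anything else stays encoded.
    return ($code >= 32 && $code <= 126)
        ? htmlspecialchars(chr($code), ENT_QUOTES)
        : "&#{$code};";
}

// Before (the /e style the ticket describes, kept as a comment only):
//   preg_replace('/&#0*([0-9]{1,5});/e', 'normalize_entity("\\1")', $input);
// With /e the replacement string is built from the match and then evaluated
// as PHP source for every replacement. PHP 5.5.0 deprecated the modifier and
// PHP 7.0.0 removed it.

// After: the match reaches the callback as data and is never parsed as code.
function normalize_entities(string $input): string
{
    $out = preg_replace_callback(
        '/&#0*([0-9]{1,5});/',
        static function (array $m): string {
            return normalize_entity($m[1]);
        },
        $input
    );

    // preg_replace_callback() returns null on a PCRE error; fail closed
    // rather than passing unfiltered input through.
    return $out === null ? '' : $out;
}

// Constructed sample input.
$sample = 'A&#66;C &#60;b&#62; &#0000100;';
echo normalize_entities($sample), PHP_EOL;
```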
Change History (9)
comment:2 Changed 4 years ago by marcus
- Summary changed from Security issue in elgg 1.5 to XSS Exploit in KSES filtered strings (Security issue in elgg 1.5)
comment:8 Changed 4 years ago by heyho
- Resolution fixed deleted
- Status changed from closed to reopened