kses Multiple Input Validation Vulnerabilities

info
discussion
exploit
solution
references

kses Multiple Input Validation Vulnerabilities

Attackers can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI. Attackers can exploit the code-execution vulnerability with a browser.

The following proof-of-concept URIs and exploit code are available:

/data/vulnerabilities/exploits/28599.html
/data/vulnerabilities/exploits/28599-moodle.php