CVE-2019-13478 – Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-13478
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via term descriptions in versions up to, and including, 11.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with post editor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://github.com/Yoast/wordpress-seo/releases/tag/11.6-RC5
• https://wpvulndb.com/vulnerabilities/9445
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')