Description
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slack-Chat Information Disclosure (1.5.5)
Internet Information Services Other Vulnerability (CVE-2002-0074)
SharePoint CVE-2020-1502 Vulnerability (CVE-2020-1502)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (3.8.9)
WordPress Plugin Related Posts for WordPress Cross-Site Scripting (1.8.1)