Description
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.
Remediation
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-14720)
MediaWiki Incorrect Authorization Vulnerability (CVE-2022-29906)
WordPress Plugin Appointment Booking Calendar CSV Injection (1.3.34)
LimeSurvey Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-16184)