Description

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.

Remediation

References

CVE-2012-0782

Related Vulnerabilities

Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-4034)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17003)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-4319)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5471)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8625)

Severity

Medium

Classification

CVE-2012-0782 CWE-707

Tags

Missing Update Known Vulnerabilities