Description

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

CVE-2012-2404

Related Vulnerabilities

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5670)

WordPress Plugin AccessPress Social Counter Cross-Site Scripting (1.3.6)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33336)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17267)

IBM WebSEAL Weak Password Requirements Vulnerability (CVE-2024-35137)

Severity

Medium

Classification

CVE-2012-2404 CWE-707

Tags

Missing Update Known Vulnerabilities